Analysis
-
max time kernel
3s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
07-07-2022 09:33
General
-
Target
462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722.exe
-
Size
134KB
-
MD5
24ba99e7fffa82660f61fcdfc941caa4
-
SHA1
f370c5d65301015f2af35d91d1b3dabab81f8765
-
SHA256
462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722
-
SHA512
5c1074465312b21145ff3f7b6145d0b002fc8beb550420a29fc906176bea2a7862c706c9a00532c1a83afc9f53947abce09e12f8908d0fc7c44526994de4ea44
Malware Config
Extracted
gozi_ifsb
1000
tt.zicino.at/rpc
doa.wolexsal.at/rpc
api.xvcbpd.at/rpc
io.tir001.at/rpc
ytruieowphf.bit/rpc
u2.tip4top.at/rpc
vv.ollynot.at/rpc
sq.upstor.at/rpc
api.reg200.at/rpc
cd.iqwoker.at/rpc
qqq.wolexsal.at/rpc
win.zicino.at/rpc
chat.engostol.at/rpc
w2.lolexsal.at/rpc
ya.upstor.at/rpc
mahono.cn/rpc
-
build
217061
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
51.255.48.78
8.8.8.8
51.15.98.97
192.71.245.208
188.165.200.156
193.183.98.66
103.236.162.119
111.67.20.8
207.148.83.241
192.99.85.244
142.4.204.111
192.71.245.208
176.126.70.119
139.99.96.146
-
exe_type
loader
-
server_id
150
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
Processes
-
C:\Users\Admin\AppData\Local\Temp\462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722.exe"C:\Users\Admin\AppData\Local\Temp\462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/452-54-0x0000000075361000-0x0000000075363000-memory.dmpFilesize
8KB
-
memory/452-55-0x000000000062E000-0x000000000063A000-memory.dmpFilesize
48KB
-
memory/452-56-0x0000000000240000-0x000000000025B000-memory.dmpFilesize
108KB
-
memory/452-59-0x0000000000400000-0x000000000044C000-memory.dmpFilesize
304KB