Analysis
-
max time kernel
14s -
max time network
16s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-07-2022 05:47
General
-
Target
416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980.exe
-
Size
189KB
-
MD5
d47612c3c48cb18b7b2620c97a9593ea
-
SHA1
39a37e1ac3600be8b70bd43fa30b252978bf2e0d
-
SHA256
416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980
-
SHA512
7a6baaf4777aca9fb0e25e67a9f111ab04feb016fa69a556babb90c4cafb139f39ebd90b95a9adabc8a6a5d155daad7a950fb7a310f61a828b7b7b6fbeb7847e
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Botnet
2000
C2
x1.narutik.at/webstore
cdn5.narutik.at/webstore
cd.pranahat.at/webstore
Attributes
-
build
217083
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
172.104.136.243
8.8.8.8
176.126.70.119
51.15.98.97
193.183.98.66
-
exe_type
loader
-
server_id
550
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
Processes
-
C:\Users\Admin\AppData\Local\Temp\416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980.exe"C:\Users\Admin\AppData\Local\Temp\416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2784-130-0x00000000004BD000-0x00000000004C9000-memory.dmpFilesize
48KB
-
memory/2784-131-0x00000000004BD000-0x00000000004C9000-memory.dmpFilesize
48KB
-
memory/2784-132-0x00000000005F0000-0x00000000005FB000-memory.dmpFilesize
44KB
-
memory/2784-133-0x0000000000600000-0x000000000060F000-memory.dmpFilesize
60KB
-
memory/2784-139-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB
-
memory/2784-140-0x00000000005F0000-0x00000000005FB000-memory.dmpFilesize
44KB