Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
12-07-2022 00:10
General
-
Target
93114ecf1b2c711ec10e1fafdc834393efc11a97.dll
-
Size
445KB
-
MD5
f3be390b01c85970deeae124ca36ce2d
-
SHA1
93114ecf1b2c711ec10e1fafdc834393efc11a97
-
SHA256
4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce
-
SHA512
463829e0a07a2983d967483d49dd478243658c0be583bcddb801cd45beb869eee8cda812ea3a74e5cf5d70be07b5a59677317dbadcefdb8a21de3ddcbe7fa3a6
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Botnet
1500
C2
gtr.antoinfer.com
app.bighomegl.at
Attributes
-
build
250204
-
exe_type
loader
-
server_id
580
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\93114ecf1b2c711ec10e1fafdc834393efc11a97.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\93114ecf1b2c711ec10e1fafdc834393efc11a97.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1956-54-0x0000000000000000-mapping.dmp
-
memory/1956-55-0x0000000075F61000-0x0000000075F63000-memory.dmpFilesize
8KB
-
memory/1956-56-0x0000000074D40000-0x0000000074D4D000-memory.dmpFilesize
52KB
-
memory/1956-57-0x0000000074D40000-0x0000000074E4A000-memory.dmpFilesize
1.0MB
-
memory/1956-58-0x0000000074D40000-0x0000000074E4A000-memory.dmpFilesize
1.0MB
-
memory/1956-59-0x0000000074D40000-0x0000000074E4A000-memory.dmpFilesize
1.0MB