Overview

overview

10

Static

static

49c1286250...2d.exe

windows7_x64

10

49c1286250...2d.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    36s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12-07-2022 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49c1286250f6610b1db27d148c05d7027f5499dd752edfd6045a06a0d9923c2d.exe

  • Size

    203KB

  • MD5

    f4a8bc85c23e961daf9ab14eb5d155c5

  • SHA1

    13fb84bd5b8cc5ac48b09dee129f26d45f11a255

  • SHA256

    49c1286250f6610b1db27d148c05d7027f5499dd752edfd6045a06a0d9923c2d

  • SHA512

    95bf8334ae374dab040b0ee8faa86b249992c25d471295b6d13a7bd05ad139db5e535770e45dcc246b05492ab78b0992ab67be4ae67f564afa345158a917fbd1

Score
10/10
gozi_ifsb3162bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\49c1286250f6610b1db27d148c05d7027f5499dd752edfd6045a06a0d9923c2d.exe
    "C:\Users\Admin\AppData\Local\Temp\49c1286250f6610b1db27d148c05d7027f5499dd752edfd6045a06a0d9923c2d.exe"
    1⤵
      PID:4044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4044-130-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/4044-131-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/4044-132-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/4044-133-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/4044-134-0x00000000021D0000-0x00000000021EB000-memory.dmp
      Filesize

      108KB

      Download