Analysis
Max time kernel: 1s
Platform: windows7_x64
Resource: win7-20220718-en
Resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
Submitted: 19-07-2022 03:15
Static task: static1
Behavioral task: behavioral1
Sample: 5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a.exe
Resource: win7-20220718-en
General
Target: 5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a.exe
Size: 134KB
MD5: 8a1495c8f27d36165e01cfa54468f34b
SHA1: ef62f4c1cb28610e75664b53ddccfcd0e80a6b9d
SHA256: 5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
SHA512: 44b7ea57d88c4ae27029b2564a5250fcfe157bb6a702ead1a654b57e21b957919217dffa16efe4ee9e56c66f5ef0a04821fe7791c5df6a4312e22b4623f10206
Malware Config
Extracted: gozi_ifsb
2000
build: 217061
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
dns_servers:
exe_type: loader
server_id: 550
Downloads
memory/1636-54-0x00000000763E1000-0x00000000763E3000-memory.dmp (Filesize: 8KB)
memory/1636-55-0x00000000005BE000-0x00000000005CA000-memory.dmp (Filesize: 48KB)
memory/1636-56-0x0000000000400000-0x000000000044C000-memory.dmp (Filesize: 304KB)
memory/1636-57-0x0000000000250000-0x000000000026B000-memory.dmp (Filesize: 108KB)