Malware Analysis Report

2024-10-23 15:37

Sample ID: 220803-rt5nzacag9
Target: 468042278a3e4841d3e33ccca10d99ca
SHA256: b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86
Tags: gozi_ifsb 11111 banker trojan
Score: 10/10


Analysis Overview

Score: 10/10

SHA256

b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86

Threat Level: Known bad

The file 468042278a3e4841d3e33ccca10d99ca was found to be: Known bad.

Malicious Activity Summary

gozi_ifsb 11111 banker trojan

Gozi, Gozi IFSB

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-03 14:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-03 14:30

Reported

2022-08-03 14:32

Platform

win7-20220715-en

Max time kernel

44s

Max time network

48s

Command Line

"C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe"

Signatures

Gozi, Gozi IFSB

banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe

"C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe"

Network

N/A

Files

memory/1824-55-0x0000000000220000-0x000000000022B000-memory.dmp

memory/1824-54-0x000000000058B000-0x000000000059C000-memory.dmp

memory/1824-56-0x0000000000400000-0x0000000000462000-memory.dmp

memory/1824-57-0x0000000000400000-0x0000000000462000-memory.dmp

memory/1824-58-0x0000000000290000-0x000000000029D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-03 14:30

Reported

2022-08-03 14:32

Platform

win10v2004-20220721-en

Max time kernel

107s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe"

Signatures

Gozi, Gozi IFSB

banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe

"C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe"

Network

Country  Destination          Domain                                   Proto
US       8.8.8.8:53           trackingg-protectioon.cdn1.mozilla.net   udp
US       93.184.221.240:80                                             tcp
NL       13.69.116.104:443                                             tcp
US       93.184.221.240:80                                             tcp
US       93.184.221.240:80                                             tcp
US       93.184.221.240:80                                             tcp
NL       194.76.225.168:80    194.76.225.168                           tcp
US       8.8.8.8:53           trackingg-protectioon.cdn1.mozilla.net   udp

Files

memory/848-130-0x00000000006C8000-0x00000000006D9000-memory.dmp

memory/848-131-0x0000000000680000-0x000000000068B000-memory.dmp

memory/848-132-0x0000000000400000-0x0000000000462000-memory.dmp

memory/848-133-0x00000000006A0000-0x00000000006AD000-memory.dmp

memory/848-136-0x00000000006C8000-0x00000000006D9000-memory.dmp

memory/848-137-0x0000000000400000-0x0000000000462000-memory.dmp