Malware Analysis Report

2024-10-19 01:08

Sample ID 220804-shavwsgbg3
Target a230000.dll
SHA256 3d05e3f5f662ef39b92dfc1dc6344a400d109bcc6d55c6f7182983f6d1a72541
Tags
11111 gozi_ifsb
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3d05e3f5f662ef39b92dfc1dc6344a400d109bcc6d55c6f7182983f6d1a72541

Threat Level: Known bad

The file a230000.dll was found to be: Known bad.

Malicious Activity Summary

11111 gozi_ifsb

Gozi_ifsb family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-04 15:07

Signatures

Gozi_ifsb family

gozi_ifsb

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-04 15:07

Reported

2022-08-04 15:09

Platform

win7-20220718-en

Max time kernel

42s

Max time network

45s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a230000.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a230000.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-04 15:07

Reported

2022-08-04 15:09

Platform

win10v2004-20220721-en

Max time kernel

84s

Max time network

143s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a230000.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a230000.dll,#1

Network

Country Destination Domain Proto
NL 2.19.195.233:443 tcp
DE 18.194.245.245:443 tcp
GB 37.230.138.66:80 tcp
DE 46.4.27.39:80 tcp
US 192.243.61.225:443 tcp
NL 2.19.195.233:443 tcp
US 104.19.242.83:443 tcp
FR 2.22.22.177:443 tcp
US 85.209.157.230:80 tcp
GB 37.230.138.123:443 tcp
DE 46.4.27.39:80 tcp
US 34.227.164.133:80 tcp
US 93.184.220.29:80 tcp
US 162.247.241.14:443 tcp
IE 20.82.209.183:443 tcp
NL 65.9.86.102:443 tcp
FR 2.18.109.224:443 tcp
US 93.184.221.240:80 tcp
IE 20.82.209.183:443 tcp
US 93.184.221.240:80 tcp
US 162.247.241.14:443 tcp
IE 20.82.209.183:443 tcp
NL 20.50.201.200:443 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 204.79.197.200:443 tcp
US 13.107.42.16:443 tcp
US 204.79.197.239:443 tcp
NL 20.31.106.135:443 tcp
US 204.79.197.239:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.200:443 tcp
US 204.79.197.203:443 tcp
IE 20.234.93.27:443 tcp
NL 216.58.208.100:80 tcp

Files

N/A