Overview

overview

10

Static

static

437ea966d0...9e.dll

windows7-x64

10

437ea966d0...9e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2022 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e.dll

  • Size

    292KB

  • MD5

    658464a09959d753d8ac3a7e00bbf050

  • SHA1

    5dae102745d9a1c2925b4767e450c7deb49ce60b

  • SHA256

    437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e

  • SHA512

    4c989f43f33631d27d3ee6ff9f92d9c0885668065738691015db43179b5aebcd3ddedf8b039ec0185ec8ed2e39fc22c0144cf1570ab437e1cf6f2ef5a1fe65c0

  • SSDEEP

    6144:zM0XK+bjFcnvSuifgZdadHY0BrDYA/ICl4aZYYz:zMxEFIPad4sR/Ia4WY8

Score
10/10
gozi_ifsb599957bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

599957

Attributes
  • exe_type

    worker

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e.dll
      2⤵
        PID:988

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/988-55-0x0000000000000000-mapping.dmp
      Download
    • memory/988-56-0x0000000076961000-0x0000000076963000-memory.dmp
      Filesize

      8KB

      Download
    • memory/988-57-0x00000000004F0000-0x0000000000527000-memory.dmp
      Filesize

      220KB

      Download
    • memory/988-58-0x00000000004F0000-0x0000000000527000-memory.dmp
      Filesize

      220KB

      Download
    • memory/988-65-0x0000000010000000-0x0000000010046000-memory.dmp
      Filesize

      280KB

      Download
    • memory/988-66-0x00000000004F0000-0x0000000000527000-memory.dmp
      Filesize

      220KB

      Download
    • memory/988-67-0x0000000000200000-0x0000000000204000-memory.dmp
      Filesize

      16KB

      Download
    • memory/1768-54-0x000007FEFC591000-0x000007FEFC593000-memory.dmp
      Filesize

      8KB

      Download