Overview

overview

10

Static

static

utdh1.dll

windows7-x64

10

utdh1.dll

windows10-2004-x64

10

Resubmissions

27-10-2022 16:06

221027-tj9w2scfg8 10

25-08-2022 03:54

220825-egalvagbb9 1

Analysis

  • max time kernel
    89s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-10-2022 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    utdh1.dll

  • Size

    760KB

  • MD5

    d94657449f8d8c165ef88fd93e463134

  • SHA1

    eb5cddacd6764098a20ce18a5e1e52f5e603e4ff

  • SHA256

    2502a3f8c9a6a8681f9222e93b14e077bf879e3009571c646ee94275bc994d01

  • SHA512

    659bc86dbd47d9f99c123db7c78d1bac68e4d592eed8f6d2d9ce5289cbf09bf893f0136a67e41e6dc59e1c826f19d34f8ffbaa5089c28592528ead595cca3ddb

  • SSDEEP

    12288:zCZAm0a9L7/7n/zUo2ThEQNvJZAHx137OyyyQTYzzCuatGfWE24rn2k2H824rn2y:wX9v/7/zYdNvnAR13pyyPa+n2F

Score
10/10
gozi202206061bankerldr4trojan

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://daydayvin.xyz

https://gigiman.xyz
Attributes
  • host_keep_time

    2

  • host_shift_time

    1

  • idle_time

    1

  • request_time

    10

aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\utdh1.dll
    1⤵
      PID:1300

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1300-132-0x0000000180000000-0x0000000180012000-memory.dmp

      Filesize

      72KB

      Download