Overview

overview

10

Static

static

d38f6f01bb...f6.dll

windows7-x64

10

d38f6f01bb...f6.dll

windows10-2004-x64

10

Resubmissions

27-10-2022 16:06

221027-tkcypscgfl 10

04-08-2022 13:44

220804-q1tdvafea3 1

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-10-2022 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d38f6f01bb926df07d34de0649f608f6.dll

  • Size

    297KB

  • MD5

    d38f6f01bb926df07d34de0649f608f6

  • SHA1

    8a3bd09ea156ede59f527af01412e66181b6d74c

  • SHA256

    b59430d733e346aef69dc5992cee0f06d8dbfca7744d212159528c89d1008953

  • SHA512

    73c575e5aa7963ca3d3c8cd2b08c83178030ed3248c215ec766628fad02ece83bb76bf3da613f4591485bf7610e9422eefa3ddbbb53885021338976087395903

  • SSDEEP

    3072:nt83jOM22CvPJZ7cV0DrIKFXx3LKnyeLt/yX0mUGLN4eS2HH9sQ0yMLDPt+d80Ub:MjQJNcV1YpLKjpyNUGB4SO0JmNx

Score
10/10
gozi202206061bankerldr4trojan

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://astope.xyz

https://giantos.xyz
Attributes
  • host_keep_time

    2

  • host_shift_time

    1

  • idle_time

    1

  • request_time

    10

aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d38f6f01bb926df07d34de0649f608f6.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\system32\cmd.exe
      cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\F6EC.tmp
      2⤵
        PID:1724
      • C:\Windows\system32\cmd.exe
        cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\F6EC.tmp
        2⤵
          PID:936

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\F6EC.tmp
        Filesize

        173B

        MD5

        7ad260ddcdbf20196c0d42eb15c24500

        SHA1

        1a9b0ea14d30401e6d5e870f5aa838aa32fd466d

        SHA256

        2ba6fe42b4ec7fbcb1d2b028580233e2ea9820b38ae3909d4720d9133b1c87da

        SHA512

        78c3a24fc7716cc88400877415a6d4c734a3e94e33ca8178542f3cd077b4e8d3ef470c25ba751760d2015d49789fbca697f19710a6a53674b2732ad19d86944f

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\F6EC.tmp
        Filesize

        3KB

        MD5

        e42f6292dd6673eebe244d550866653c

        SHA1

        35d4c79db8dab5521a24bafc1157f2d5536f7eb0

        SHA256

        3ac30ae9283eda4cb47e85cdf1f6c67961b49496530b9146c053215c33dc5bf5

        SHA512

        1bb0f890d6d3c532924a1621d1a9bb71b56c4eda53fea093187841f9dd80e6e96e6504aaa281fa351de2b7aa7b8220587ae91653544003e89bc10c1f6b2f88ae

        Download Submit
      • memory/936-61-0x0000000000000000-mapping.dmp
        Download
      • memory/948-54-0x000007FEFB6D1000-0x000007FEFB6D3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/948-55-0x0000000180000000-0x0000000180012000-memory.dmp
        Filesize

        72KB

        Download
      • memory/1724-60-0x0000000000000000-mapping.dmp
        Download