Overview

overview

10

Static

static

360417f750...67.dll

windows7-x64

10

360417f750...67.dll

windows10-2004-x64

10

Resubmissions

04-12-2023 02:42

231204-c7dp3sgf82 10

21-11-2022 15:36

221121-s18jwabc2s 10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2022 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    360417f75090c962adb8021dbb478f67.dll

  • Size

    437KB

  • MD5

    360417f75090c962adb8021dbb478f67

  • SHA1

    5cd71ee15351c08ff35785774cc18dcaeca871c9

  • SHA256

    eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57

  • SHA512

    62088b203fe1eb61afbded8d64c0c00c682d421f73cbc688122c4e81a95924a648632c40ebf734d8693d5373c89bdbcf33ced5df115616dd96341414b4247390

  • SSDEEP

    12288:MNQGRYLUC/k+JwgIMinOCCdF4F9Bn/TomHe:MNQGRQUC/ZwMO1IFq9BnU

Score
10/10
gozi202206061bankerldr4trojan

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://daydayvin.xyz

https://gigiman.xyz
Attributes
  • host_keep_time

    2

  • host_shift_time

    1

  • idle_time

    1

  • request_time

    10

aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\360417f75090c962adb8021dbb478f67.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Windows\system32\cmd.exe
      cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\5AEC.tmp
      2⤵
        PID:916
      • C:\Windows\system32\cmd.exe
        cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\5AEC.tmp
        2⤵
          PID:1484

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\5AEC.tmp
        Filesize

        11B

        MD5

        a67f2061c697fd95f6b28d89b953a51f

        SHA1

        6730b864104f0840fcebf04383d2e3ef7c324a48

        SHA256

        d4bdd82a900fea52cbd442ce8cae201982392d3533d765bfceb7682bc2d16a79

        SHA512

        d9cc7c1593967dbcaf358bc9d394426d97baa7bb6ddeed1767b638c85aa814276eaa3609588b720cab3b2a0b3e36d1d3833dab3e75c9c1a92b8315db61a64cbe

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\5AEC.tmp
        Filesize

        3KB

        MD5

        dc2d1cbee959113a3b49847a229d70d1

        SHA1

        72e2e56da62a6a9586d209ab27b213b037d9cf1e

        SHA256

        05f5f9d77a0fe33ba79c1bdf397a5a714332977e0b7797a489233d8b30cacfb8

        SHA512

        697ee42239f7237f90d9038d83b687acea9c06115cc5f21d74a7bdc508d42b2111090113c2e88ce6a244f40989546a6ceaa5a0c0f10ed8c8fed7b7f9658bd9a5

        Download Submit
      • memory/916-60-0x0000000000000000-mapping.dmp
        Download
      • memory/960-54-0x000007FEFC011000-0x000007FEFC013000-memory.dmp
        Filesize

        8KB

        Download
      • memory/960-55-0x0000000180000000-0x0000000180012000-memory.dmp
        Filesize

        72KB

        Download
      • memory/1484-61-0x0000000000000000-mapping.dmp
        Download