Analysis

  • max time kernel
    12s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 18:14

General

  • Target

    98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe

  • Size

    277KB

  • MD5

    7c3f801620ea1cebd29889400ec9af67

  • SHA1

    b0d226574d6d7fb4ec46fcf0afea08d6e8f91674

  • SHA256

    98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028

  • SHA512

    b81e6dd0bf79ef853b2cbe09dddea946f87f901fbe3e66cad838684cdd4104bb454483fdfaf115a5c9203e7cd512547ec53a3c99fa2eb109c05403637352a6b6

  • SSDEEP

    6144:5sOKPyyl3yr4yJ0hlNM0NZfxZRggbgH5o:5NvmfyJuM4Zpc5o

Malware Config

Extracted

Family

gozi

Botnet

6000

C2

http://velooiisd.club

Attributes
  • build

    214082

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

Processes

  • C:\Users\Admin\AppData\Local\Temp\98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe
    "C:\Users\Admin\AppData\Local\Temp\98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe"
    1⤵
      PID:1336

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1336-54-0x000000000546D000-0x000000000547A000-memory.dmp
      Filesize

      52KB

    • memory/1336-55-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/1336-61-0x000000000546D000-0x000000000547A000-memory.dmp
      Filesize

      52KB

    • memory/1336-62-0x0000000000400000-0x00000000052A5000-memory.dmp
      Filesize

      78.6MB