Analysis
-
max time kernel
12s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
29-01-2023 18:14
General
-
Target
98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe
-
Size
277KB
-
MD5
7c3f801620ea1cebd29889400ec9af67
-
SHA1
b0d226574d6d7fb4ec46fcf0afea08d6e8f91674
-
SHA256
98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028
-
SHA512
b81e6dd0bf79ef853b2cbe09dddea946f87f901fbe3e66cad838684cdd4104bb454483fdfaf115a5c9203e7cd512547ec53a3c99fa2eb109c05403637352a6b6
-
SSDEEP
6144:5sOKPyyl3yr4yJ0hlNM0NZfxZRggbgH5o:5NvmfyJuM4Zpc5o
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
6000
C2
http://velooiisd.club
Attributes
-
build
214082
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
Processes
-
C:\Users\Admin\AppData\Local\Temp\98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe"C:\Users\Admin\AppData\Local\Temp\98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1336-54-0x000000000546D000-0x000000000547A000-memory.dmpFilesize
52KB
-
memory/1336-55-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB
-
memory/1336-61-0x000000000546D000-0x000000000547A000-memory.dmpFilesize
52KB
-
memory/1336-62-0x0000000000400000-0x00000000052A5000-memory.dmpFilesize
78.6MB