Malware Analysis Report

2025-08-05 21:40

Sample ID: 230320-q2zbgsdg45
Target: server.exe
SHA256: b97cfd0ea14f390894948861cacafbad2f88767d52477e339e2c0a6e4316793b
Tags: gozi 7715 banker isfb trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: b97cfd0ea14f390894948861cacafbad2f88767d52477e339e2c0a6e4316793b

Threat Level: Known bad

The file server.exe was found to be: Known bad.

Malicious Activity Summary

gozi 7715 banker isfb trojan

Gozi

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-03-20 13:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-03-20 13:46

Reported: 2023-03-20 13:48

Platform: win7-20230220-en

Max time kernel: 141s

Max time network: 30s

Command Line

"C:\Users\Admin\AppData\Local\Temp\server.exe"

Signatures

Gozi

banker trojan gozi

Processes

C:\Users\Admin\AppData\Local\Temp\server.exe

"C:\Users\Admin\AppData\Local\Temp\server.exe"

Network

N/A

Files

memory/1108-55-0x0000000000230000-0x000000000023B000-memory.dmp

memory/1108-56-0x0000000000400000-0x00000000004AD000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2023-03-20 13:46

Reported: 2023-03-20 13:48

Platform: win10v2004-20230220-en

Max time kernel: 147s

Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\server.exe"

Signatures

Gozi

banker trojan gozi

Processes

C:\Users\Admin\AppData\Local\Temp\server.exe

"C:\Users\Admin\AppData\Local\Temp\server.exe"

Network

Country  Destination          Domain                         Proto
US       8.8.8.8:53           217.106.137.52.in-addr.arpa    udp
US       8.8.8.8:53           151.122.125.40.in-addr.arpa    udp
US       8.8.8.8:53           240.232.18.117.in-addr.arpa    udp
US       8.8.8.8:53           185.130.69.20.in-addr.arpa     udp
US       8.8.8.8:53           8.3.197.209.in-addr.arpa       udp
US       8.8.8.8:53           checklist.skype.com            udp
US       8.8.8.8:53           241.150.49.20.in-addr.arpa     udp
NL       20.50.201.200:443    -                              tcp
US       8.8.8.8:53           63.13.109.52.in-addr.arpa      udp
US       93.184.221.240:80    -                              tcp
US       8.8.8.8:53           67.169.210.20.in-addr.arpa     udp
US       117.18.237.29:80     -                              tcp
US       93.184.221.240:80    -                              tcp
RU       62.173.142.81:80     62.173.142.81                  tcp
US       8.8.8.8:53           81.142.173.62.in-addr.arpa     udp
US       193.233.175.113:80   193.233.175.113                tcp
US       8.8.8.8:53           177.238.32.23.in-addr.arpa     udp
US       8.8.8.8:53           113.175.233.193.in-addr.arpa   udp
RU       109.248.11.184:80    109.248.11.184                 tcp
US       8.8.8.8:53           184.11.248.109.in-addr.arpa    udp
RU       212.109.218.26:80    212.109.218.26                 tcp
US       8.8.8.8:53           26.218.109.212.in-addr.arpa    udp

(A "-" in the Domain column means the report recorded no domain for that connection.)

Files

memory/4044-134-0x0000000000740000-0x000000000074B000-memory.dmp

memory/4044-135-0x0000000000760000-0x000000000076D000-memory.dmp

memory/4044-138-0x0000000000400000-0x00000000004AD000-memory.dmp