Analysis
- max time kernel: 141s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/04/2023, 12:55
Static task
- static1 (1 signatures)
Behavioral task
- behavioral1
  Sample: ginumtue.dll
  Resource: win7-20230220-en
  2 signatures
  150 seconds
General
- Target: ginumtue.dll
- Size: 220KB
- MD5: 9627a223cebc074cefb834370cba058a
- SHA1: 73c470ad9203150629b13d7f077000aa4f335f26
- SHA256: 8291f9579288153e0a1812c6c528563634c5c41b0916c606f7d8b4544ccc381a
- SHA512: 283b341fa4bc999dd32586f8914adad9c51ee9533a35fb2c30c165c11f9e4d843062252651bf103183c11cb8ba66d1118df31558f7c59b881f85a2507148ff5a
- SSDEEP: 1536:iYrO9JaI9HwxtB3wjCaNhQ8yl6sUdM8FOIUa:2HJ9HQv3wFNh6U6pIUa
Malware Config
Extracted
- Family: gozi
Extracted
- Family: gozi
- Botnet: 777777
- C2:
  trackingg-protectioon.cdn4.mozilla.net
  176.10.111.233
  91.241.93.192
  45.155.249.200
  45.155.250.216
- Attributes:
  - base_path: /fonts/
  - build: 250257
  - exe_type: loader
  - extension: .bak
  - server_id: 50
- rsa_pubkey.plain
- aes.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                         pid    Process        procid_target
  PID 3760 wrote to memory of 3708    3760   rundll32.exe   83
  PID 3760 wrote to memory of 3708    3760   rundll32.exe   83
  PID 3760 wrote to memory of 3708    3760   rundll32.exe   83