Overview

overview

10

Static

static

3

file.dll

windows7-x64

10

file.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2023 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.dll

  • Size

    362KB

  • MD5

    3969d9062eb2daef1872aaf898636f08

  • SHA1

    7922117847dcda90de4d8fbaaa5613076b959115

  • SHA256

    7ce0babea43a0eca93ed5458b77df1cd695f672e8dd784d8ff0af777b66e7865

  • SHA512

    c88f6d7f3cea5dbc8341ad4a7f6c6fc197a6b9f30b807a2eb61ab9cf33d3f607f4ddd04e91eb461edf9842062319f60bbdf6d9f964f3fc20748c748734437bf4

  • SSDEEP

    3072:QmNJTdnsnRNulFiOxyioF2XfSGXbR4cFekbhO6r253I0rSis6bGCKLb1TASh8mU+:2MtTX3hdrCk6bGRL5TASh8mUUJaM

Score
10/10
gozi20000bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

chick.bing.com

http://79.132.129.207

http://94.247.42.106

http://94.247.42.79

http://185.212.44.76

http://45.155.249.200

http://45.155.250.216
Attributes
  • base_path

    /zerotohero/

  • build

    250257

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\file.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\file.dll
      2⤵
        PID:1096

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1096-54-0x00000000001D0000-0x00000000001DF000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1096-58-0x0000000000220000-0x000000000022E000-memory.dmp
      Filesize

      56KB

      Download
    • memory/1096-63-0x00000000001C0000-0x00000000001CD000-memory.dmp
      Filesize

      52KB

      Download
    • memory/1096-64-0x0000000000250000-0x000000000025D000-memory.dmp
      Filesize

      52KB

      Download