Overview

overview

10

Static

static

3

3939.dll

windows7-x64

10

3939.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2023 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3939.dll

  • Size

    803KB

  • MD5

    79c68cde8f43d762c4ecb97d359fc9c4

  • SHA1

    05b04bc2e3a9c406b37fa7ba4c4b70deacae8b16

  • SHA256

    f08827fd5dba2f6ffda8f931b5f2e1c18012b74ed753ea76a0a511e095eb1648

  • SHA512

    c6e261544ea80b982397d42a80023ea20694bb7296284e6ab77fc7615af64c2d14b39187088c26e5536cbe435eac9f89297ad85b2513cbe97d5bf380e253ebef

  • SSDEEP

    12288:OU+W2RNfboq2Fxto4obJj6eO/VTzFGF1d3Of1ZB4kd8AzVhml7wIKHaP:p+TNfsq239obV6pNXIF1sN4kdJmpO6P

Score
10/10
gozi20000bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91
Attributes
  • base_path

    /zerotohero/

  • build

    250260

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3939.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3939.dll,#1
      2⤵
        PID:2536

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2536-53-0x0000000000240000-0x0000000000281000-memory.dmp
      Filesize

      260KB

      Download
    • memory/2536-54-0x0000000000180000-0x000000000018E000-memory.dmp
      Filesize

      56KB

      Download
    • memory/2536-55-0x00000000001F0000-0x00000000001FD000-memory.dmp
      Filesize

      52KB

      Download
    • memory/2536-58-0x0000000000180000-0x000000000018E000-memory.dmp
      Filesize

      56KB

      Download