Overview

overview

10

Static

static

3

d4e90cf738...85.dll

windows7-x64

10

d4e90cf738...85.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2023 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4e90cf7388f89bbbaff36b28145a485.dll

  • Size

    378KB

  • MD5

    d4e90cf7388f89bbbaff36b28145a485

  • SHA1

    ae09ab502797805f6d4a7fd02496e5a5a06bb70b

  • SHA256

    93d897574a629e5d5730c685d9d0b81fc24ae47a78394cdd1700cc388b4462f7

  • SHA512

    8ac6e20d8be96f23983f6b56f26c89e56f801709c6c24d8e30cee24e6a0636a8b421ffb9a377aaf2fd66d910a914662a88cd2543efb8a58fb138a1779541e259

  • SSDEEP

    6144:NAqX6GBMYdZdpfkmGjwSgF8H3V6UclT5wdL5FczVN877v4FOH/:N5qQdZrkmGs58H3k/15wdL5OVN877aG

Score
10/10
gozi1500bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com
Attributes
  • build

    250188

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4e90cf7388f89bbbaff36b28145a485.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4e90cf7388f89bbbaff36b28145a485.dll,#1
      2⤵
        PID:3312

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3312-1-0x0000000073B50000-0x0000000074BBD000-memory.dmp
      Filesize

      16.4MB

      Download
    • memory/3312-2-0x0000000000970000-0x0000000000971000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3312-3-0x0000000073B50000-0x0000000074BBD000-memory.dmp
      Filesize

      16.4MB

      Download
    • memory/3312-4-0x0000000073B50000-0x0000000074BBD000-memory.dmp
      Filesize

      16.4MB

      Download
    • memory/3312-6-0x0000000073B50000-0x0000000074BBD000-memory.dmp
      Filesize

      16.4MB

      Download
    • memory/3312-7-0x0000000073B50000-0x0000000074BBD000-memory.dmp
      Filesize

      16.4MB

      Download