gozi | 9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e

Analysis

max time kernel
143s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d68d238d713f63ff02be916ae633466.dll
Size

543KB
MD5

0d68d238d713f63ff02be916ae633466
SHA1

46958a4143c337f8406b0c785d434c8892e902e8
SHA256

9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e
SHA512

502daafc9ba908cf8b682e2496be0785c7ccf035e8876df2b31b97dd43a5f79e50505afa63cd60be1df89003ae774d071777433cfc2b14359e581175b290ef33
SSDEEP

12288:KaM55j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:Ka6z3E4INX03ycxc4

Score

10^/10

gozi 8877 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

outlook.com

zaluoa.live

daskdjknefjkewfnkjwe.net

Attributes

base_path
/jkloop/
build
250207
dga_season
10
exe_type
loader
extension
.kre
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2672	2220	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d68d238d713f63ff02be916ae633466.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d68d238d713f63ff02be916ae633466.dll,#1
2⤵
PID:2672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-1-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-2-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2672-0-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-3-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-4-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-5-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-6-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-7-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download
memory/2672-11-0x00000000749E0000-0x0000000074B04000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads