Overview

overview

10

Static

static

3

244fcb71c1...1c.dll

windows7-x64

10

244fcb71c1...1c.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    201s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 14:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    244fcb71c16ab8163f25c633dcb91b1c.dll

  • Size

    355KB

  • MD5

    244fcb71c16ab8163f25c633dcb91b1c

  • SHA1

    cf0256c44be6b311558358bb00f9ec257ec90236

  • SHA256

    48589e8612584c5b67c325367e53b63379dbf984a0a0dc905bd29fd3f7fd6c03

  • SHA512

    8768bcda747665ef22c4ca8208c43ade6397f7792a6b32a8ce37f7630513a684b7c3ab69620d5a74350f00e74ba72393f6ba08cec988172d5e0552161814d5cb

  • SSDEEP

    6144:BstpyZ+ANKFOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbAmOOmljdLGeZOGH7Cu

Score
10/10
gozi1500bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at
Attributes
  • build

    250204

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3584
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#1
      2⤵
        PID:4892

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4892-0-0x00000000752E0000-0x00000000753D4000-memory.dmp
      Filesize

      976KB

      Download
    • memory/4892-1-0x00000000009B0000-0x00000000009B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4892-2-0x00000000752E0000-0x00000000753D4000-memory.dmp
      Filesize

      976KB

      Download
    • memory/4892-3-0x00000000752E0000-0x00000000753D4000-memory.dmp
      Filesize

      976KB

      Download
    • memory/4892-4-0x00000000752E0000-0x00000000753D4000-memory.dmp
      Filesize

      976KB

      Download
    • memory/4892-5-0x00000000752E0000-0x00000000753D4000-memory.dmp
      Filesize

      976KB

      Download
    • memory/4892-6-0x00000000009B0000-0x00000000009B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4892-14-0x0000000002700000-0x000000000270D000-memory.dmp
      Filesize

      52KB

      Download
    • memory/4892-17-0x00000000752E0000-0x00000000753D4000-memory.dmp
      Filesize

      976KB

      Download