Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30-12-2023 03:43
General
-
Target
0d527534100ddb9ef3e08ead858fabab.dll
-
Size
378KB
-
MD5
0d527534100ddb9ef3e08ead858fabab
-
SHA1
fd105a90d7a754c3965bd4a81e01cafb84ddc44b
-
SHA256
86928e68c8e3b874d89b490e55de47171f0350ead784fe09589a031adade2271
-
SHA512
8929ed92cf224237cc3783e3ba23a89ea8ddad5d0d61c48e2f1432fb355c21fece875cd76f9fdbc98e7f1ac0d4b565ff73a1be534880d59381f47116d7778d02
-
SSDEEP
6144:NAqX6GBMYdZdpfkmGjwSgF8H3V6Uclz5wdL5FczVN877v4FOH/:N5qQdZrkmGs58H3k/h5wdL5OVN877aG
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
1500
C2
app.buboleinov.com
chat.veminiare.com
chat.billionady.com
app3.maintorna.com
Attributes
-
build
250188
-
exe_type
loader
-
server_id
580
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0d527534100ddb9ef3e08ead858fabab.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0d527534100ddb9ef3e08ead858fabab.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1416-0-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB
-
memory/1416-1-0x00000000007F0000-0x00000000007F1000-memory.dmpFilesize
4KB
-
memory/1416-2-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB
-
memory/1416-3-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB
-
memory/1416-4-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB
-
memory/1416-7-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB
-
memory/1416-8-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB
-
memory/1416-9-0x0000000073DD0000-0x0000000074E3D000-memory.dmpFilesize
16.4MB