Overview

overview

10

Static

static

3

244fcb71c1...1c.dll

windows7-x64

10

244fcb71c1...1c.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    244fcb71c16ab8163f25c633dcb91b1c.dll

  • Size

    355KB

  • MD5

    244fcb71c16ab8163f25c633dcb91b1c

  • SHA1

    cf0256c44be6b311558358bb00f9ec257ec90236

  • SHA256

    48589e8612584c5b67c325367e53b63379dbf984a0a0dc905bd29fd3f7fd6c03

  • SHA512

    8768bcda747665ef22c4ca8208c43ade6397f7792a6b32a8ce37f7630513a684b7c3ab69620d5a74350f00e74ba72393f6ba08cec988172d5e0552161814d5cb

  • SSDEEP

    6144:BstpyZ+ANKFOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbAmOOmljdLGeZOGH7Cu

Score
10/10
gozi1500bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at
Attributes
  • build

    250204

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#1
    1⤵
      PID:960
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3896
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:2952
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        PID:5028
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5028 CREDAT:17410 /prefetch:2
          2⤵
            PID:4860
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
            PID:2540
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:17410 /prefetch:2
              2⤵
                PID:4476
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
              1⤵
                PID:1896
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:17410 /prefetch:2
                  2⤵
                    PID:1124

                Network

                MITRE ATT&CK Matrix ATT&CK v13

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\~DF278F25C1EC62D316.TMP
                  Filesize

                  16KB

                  MD5

                  25b77277f0432fb6442c7baa88b1d708

                  SHA1

                  8f2ef1fecc4d6575e915bd7ecbdbeda4bb2bebcb

                  SHA256

                  72d290c8151bb43c2da3d29777e85ba0980d5ac26a00fbaeb1e2ba6810a2dde5

                  SHA512

                  31bf552f65b784cf0603ab88fc68023a0559d5fd11686fb84de7f9dce58d2cb03c429969699d9c4a46ed2960589217f59cd5667614df6e1f00e145b8afb724c5

                  Download Submit
                • memory/960-2-0x0000000000840000-0x0000000000841000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/960-1-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download
                • memory/960-0-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download
                • memory/960-3-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download
                • memory/960-4-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download
                • memory/960-6-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download
                • memory/960-5-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download
                • memory/960-7-0x0000000002360000-0x000000000236D000-memory.dmp
                  Filesize

                  52KB

                  Download
                • memory/960-10-0x00000000748C0000-0x00000000749B4000-memory.dmp
                  Filesize

                  976KB

                  Download