Overview

overview

10

Static

static

7

4be5cce19e...0e.exe

windows7-x64

10

4be5cce19e...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4be5cce19e748a9358fdac3fc56f4d0e.exe

  • Size

    1.3MB

  • MD5

    4be5cce19e748a9358fdac3fc56f4d0e

  • SHA1

    11f4acd0fc6e3ab32749034f24753c42279d5a9d

  • SHA256

    4124de1673fe7567235b6fc68f31970785c764d5f437a9440f61f2f14a098569

  • SHA512

    242d7485c53f269872d191e2735b2382c4489f4cd1411bfa677f67540aa8507451f9458c9517d422919ce72362445cc95c863773ab6c4cf6ce095304cf1a6d58

  • SSDEEP

    24576:dMcp/Zv8F7z1527o9FVvCXbj4A6bO7bAGbfTLDZGF0OMWO:ecpqF7z1uo/VvnA1Xr3IF0df

Score
10/10
gozibankerisfbtrojanupx

Malware Config

Extracted

Family

gozi

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4be5cce19e748a9358fdac3fc56f4d0e.exe
    "C:\Users\Admin\AppData\Local\Temp\4be5cce19e748a9358fdac3fc56f4d0e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\4be5cce19e748a9358fdac3fc56f4d0e.exe
      C:\Users\Admin\AppData\Local\Temp\4be5cce19e748a9358fdac3fc56f4d0e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4be5cce19e748a9358fdac3fc56f4d0e.exe
    Filesize

    1.3MB

    MD5

    6b9b8908ba8bcaedcacd5420886726a1

    SHA1

    994223a1b00fb6192402b64beecfd712e8dec2df

    SHA256

    82125b9b62e13c1aecf8b403176d6cabaa96856fba29c4ee159236ff64ada7bc

    SHA512

    7e1da8ef15218e9f9da2a9839a0e3b059baf8c23877b611e4f2ce1f95bbc8e0e73f52f596c33e033c475b0a20a4d9b499fe34062ae6acc11f5f4d941a5966aa8

    Download Submit

  • memory/2092-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2092-1-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2092-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2092-15-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2092-13-0x00000000034A0000-0x000000000398F000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2160-18-0x00000000002B0000-0x00000000003E3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2160-17-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2160-16-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2160-23-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2160-24-0x00000000032D0000-0x00000000034FA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2160-31-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download