Overview

overview

10

Static

static

3

7ef8c8f48e...04.exe

windows7-x64

10

7ef8c8f48e...04.exe

windows10-2004-x64

10

Resubmissions

31-01-2024 14:53

240131-r9l7kaeed2 10

31-01-2024 12:04

240131-n8q8cadfaj 10

30-01-2024 15:35

240130-s1qdasaegl 10

30-01-2024 15:01

240130-sdvphaggh9 10

29-01-2024 05:10

240129-ftrassccap 10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ef8c8f48ed661b4191ead1cba285204.exe

  • Size

    203KB

  • MD5

    7ef8c8f48ed661b4191ead1cba285204

  • SHA1

    237628ad21e7d84983f6df21399dbfad8210b3c4

  • SHA256

    03a29bc6c9746574db2c93fd5f65e467de34f9d241e4013a24e1f7b0f2224a7e

  • SHA512

    35d4a655ed2ec27343c0e29b34d0094cbc8e263b56a3292001321d4dcfcca4f76c67881b1a204f017270e93ac8d706a50e3089a870b1736ba44672efd84effb5

  • SSDEEP

    3072:fpji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:f9dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ef8c8f48ed661b4191ead1cba285204.exe
    "C:\Users\Admin\AppData\Local\Temp\7ef8c8f48ed661b4191ead1cba285204.exe"
    1⤵
      PID:1948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2588
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1248
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2136
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2816
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1348
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2440

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67ffd376678c7cdb766a2557ec257df1

      SHA1

      f1b74529fb6c7a8b33d44e1fb28fa7862d7cae0e

      SHA256

      b98e67eca325d0bcca181691a43e2d45f918c272feae718b5660b9801f1f1dd2

      SHA512

      97c4beca11725a15f5bd3a683cc8926d5d3e861e9809f1d52638f5ce924afa3718bb0587a53d21f189dcbe11d79f451fc59940bda31a60409b928fba575dc20d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4cc5b77c107afdf9aed2dea22c006b9f

      SHA1

      79e3fc75b107e29e2048c78503c90d14ae1ff612

      SHA256

      f2f1316043b50072f3ee78103ff8159e973388c23302519b662f85ad37dc8d4a

      SHA512

      2d24498799b75408ed966efcd743a177f2024e0b90431eba94c97450de351f10fcecdda3de66207c2050a209a1cf81060864f08aba17ef46be95e0897c872cac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      58700a3a386f8a892198afe959043f1f

      SHA1

      f1198171ddb53e147473aa86415a8e5d48ca3de4

      SHA256

      c160541383f6d6f3857ca0a9e0dd9dc1bb41e4e3a8e2c442b91c3e79ebfccd47

      SHA512

      7f0b21a4f477e70da4d2a33886417ec182deae79423b5d644c3feabae37b4f8ef7ab3408fabafee750e47d73725d6ccd1bf62e8099816450fc514323c88e8216

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e16495fb917ec6d594da7a22647bf8b1

      SHA1

      0026520b38c7bb30cfa3e60b9a224338fe92f389

      SHA256

      a6787b5ebddd32fac9ccd7d5e818c5d7a74b492fc92ac8500cee792cc96bc836

      SHA512

      74d375f21777072160aa222d156dedd45b8d1851c89f6eee72588539bd5681540d4f9c6b20efb70c35aea162d323e8ccef5fc37c0c04cddf3db7e9e14f9880cd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a135037b13b584c1002a84dcfded807b

      SHA1

      696d3dca708d5f4419d8b7174c161da842b58caf

      SHA256

      52134d55f626e144919552960fe005385533c168269a5374fe29160e803b140c

      SHA512

      522903aba699372b8d009febeb9d7ad0886e4ca6aa302d92e0a5e13698619c91246d26d1ae8484f01f92bff6cc459f9ce541cb7b3d13851bd04e8cddef29eee8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a582ad88f452dc99199f2b75a8c3b92c

      SHA1

      77ba5e3d986a2e518436e2bc452da82c166ff9b9

      SHA256

      319b4a04be6366e7e4c8f77314d33397db3f48d0b1c563439908c4348952d097

      SHA512

      f3a922439a69390050eec583fac6775129a6fbd6e88bf3725d8cfbbaa3fb2ae14902ce03a4d150c20b186dc584f3ba9936b1f8131fb60dd27d272ef3036ad97c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d3f99f4dd910d3cf3a7d1727690d9bdb

      SHA1

      a685a8f386d9f12500512ca7bc4d2a85383c58e5

      SHA256

      9dd77f65f0b33d86cc46adbd009fce76d13f6f6ef63b76fe93c47d2b9b58c79e

      SHA512

      44b42353b55ec1ca8dfd7ac04748074200c715a87addcf9ea0dc45a8875f939260189877881160451a0f02103362c7ff09704db3a6fd181222772d5eca028a35

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3af83d38b7e140a1565f4c057ab897e0

      SHA1

      98ead74606707d5ed04d8921bc470ef874531701

      SHA256

      117e561584d6c7239189be318397c1b6dc42cc8e0a205db85da48bb742f2063a

      SHA512

      66c9432e3ff9e5bb3d813b13e45bbbff96e1c7a6b9b0fc17061036d4c25ec1befb1117ed930b7524cd402767595c5aba3fc03de11d2842ec4b6bc5d00782a595

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9104c4fb702e7c53d3ace1f7f50ae8e4

      SHA1

      81baa77975a486e6b8134c273c05c70603d38dd7

      SHA256

      514c104d3b3de6e81f5b4be1898d9d23ad20c42316c18ca7f7dc5de82ecbe0a4

      SHA512

      155c23e909f332f0f95ba35e75da3e9a8cafe233fb3ca06a32c7891645451dfa460f332c1aaeab525ba5714aac7f21eeea81140dbe1fc3b42b1b708c60a4e7f8

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\sale_form[1].js
      Filesize

      761B

      MD5

      64f809e06446647e192fce8d1ec34e09

      SHA1

      5b7ced07da42e205067afa88615317a277a4a82c

      SHA256

      f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3

      SHA512

      5f61bbe241f6b8636a487e6601f08a48bffd62549291db83c1f05f90d26751841db43357d7fe500ffba1bc19a8ab63c6d4767ba901c7eded5d65a1b443b1dd78

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\L1DA6546.htm
      Filesize

      15KB

      MD5

      cf7632a9c2b8068c51544dcccea7f45a

      SHA1

      c6c92f16229dc1dfb9e338773d0ec8faaa966c6c

      SHA256

      db3e829942e2eb7c155a8428f9c9022b42e1293e26b2036a43d87ff5b864794c

      SHA512

      8eca9243b8ce97316a8a091e00ec841b34616fb47261b4ab9502ce7d5861705e77af77affd3492ca0bb5efea006f44ca56fcfdabc6cee4f713a1dbadbe174d22

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\arrows[1].png
      Filesize

      11KB

      MD5

      0cb2e5165dc9324eb462199f04e1ffa9

      SHA1

      9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8

      SHA256

      67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

      SHA512

      7a285c4a87b9f9093b7ba720d8fe08e0ad7e2ebde9ef8c8d11b70afa08245af8f8a7281c7b3fbe8bad21c3afde4f32634d3bd416822892aa47ba82c12f4b8191

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\JBADSC3E.htm
      Filesize

      356B

      MD5

      7a7107ef5b0185f624703f0ce3161389

      SHA1

      4e95838c06fbe825cd69feac3f28e91d6ea12d4f

      SHA256

      3750f0f41871b5f6a0669e0fae857a2828ae2a187d8865d6e72f9929c4c00dfb

      SHA512

      d187740861254f65a115040fc5d0a3ffe9553917fc55ebd5989c6605726d749760144a4c208a89a4b655f2c48a7daa6cfddca2f17c9a15f2dcf78bba40d8ea16

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabBFAA.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarC00B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFEAFA8DBA12EA74B3.TMP
      Filesize

      16KB

      MD5

      d2ac2d700fc8303480a6d7ae97fa8b61

      SHA1

      3256cc00f7ef6f550b5b7bca78237dd5a32e5ac7

      SHA256

      cdc737d83001f9133c7401a9917e85eec88a081cd506e4e53cce6976b78dcce7

      SHA512

      5dc22d8792129a668d9df976ba75c34d3185f5645d5100cc5707938a800d285542abaa3fb2f4fcb064e6ff6b3acd8cd62d063f2d946b15af26a333f50f3703e4

      Download Submit
    • memory/1948-9-0x0000000000320000-0x0000000000322000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1948-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1948-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1948-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1948-4-0x0000000000020000-0x0000000000021000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1948-5-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1948-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download