Overview

overview

10

Static

static

3

7fb81b98bb...25.dll

windows7-x64

10

7fb81b98bb...25.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fb81b98bb77b54c2f69ab7c19d8bc25.dll

  • Size

    605KB

  • MD5

    7fb81b98bb77b54c2f69ab7c19d8bc25

  • SHA1

    bfd82e8164088d905576f66f2010e5f1fb1e892f

  • SHA256

    6700cc014e9ef5473a909a0c10d644661ccd0750ca942abd458cec91e32bf551

  • SHA512

    6a42a3b31cdd34436f92f6eeb29e968a81cde00a69adcae8174231faa9bc7e9ec0f5d4a5f419591cb425ddff936f11a6493310f24f8f3ea83f3993e07996efb5

  • SSDEEP

    12288:/edbxfx8d3fbkRXgeSVpZJosJe9ln3KuUliVjjP:/e3fYYRk/Xw9t3KniV

Score
10/10
gozi1001bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

yahoo.com

bogoleruno.website

gogoleruno.website
Attributes
  • base_path

    /gksadk/

  • build

    250212

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • extension

    .fre

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb81b98bb77b54c2f69ab7c19d8bc25.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb81b98bb77b54c2f69ab7c19d8bc25.dll,#1
      2⤵
        PID:2312

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2312-0-0x0000000074680000-0x00000000747BB000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/2312-1-0x0000000074680000-0x00000000747BB000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/2312-2-0x0000000000140000-0x0000000000141000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2312-3-0x0000000000160000-0x0000000000170000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2312-6-0x0000000074680000-0x00000000747BB000-memory.dmp
      Filesize

      1.2MB

      Download