Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
31-01-2024 05:29
General
-
Target
8390c9aff9b8f652c36252270d51fb30.dll
-
Size
529KB
-
MD5
8390c9aff9b8f652c36252270d51fb30
-
SHA1
919ce33025c1901a2088b77c8543eb729fccf17a
-
SHA256
f41d351cba690cf05e4b5e5597b71697eb2e9125b656927aaf93edba25fbc8cd
-
SHA512
c1d5326f0a40d673aa1647842915d6eab70a34383238387bc2b7b4027d38d6d07676b71ff0a7e3d71d884c080f315714792459aaf49f90c3970404f032fe1a19
-
SSDEEP
12288:ntCE7dSeqW+MNurWAFKlJejMSH6nimDC2t:bdSeSvrWAFK7ejNa/e0
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
1500
C2
f1.bablefiler.at
f22.avanoruk.com
Attributes
-
build
250211
-
exe_type
loader
-
server_id
580
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8390c9aff9b8f652c36252270d51fb30.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8390c9aff9b8f652c36252270d51fb30.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2356-3-0x0000000000200000-0x0000000000201000-memory.dmpFilesize
4KB
-
memory/2356-2-0x0000000074C80000-0x0000000074D1A000-memory.dmpFilesize
616KB
-
memory/2356-1-0x0000000074C80000-0x0000000074D1A000-memory.dmpFilesize
616KB
-
memory/2356-0-0x0000000074C80000-0x0000000074D1A000-memory.dmpFilesize
616KB
-
memory/2356-4-0x0000000000220000-0x000000000022D000-memory.dmpFilesize
52KB
-
memory/2356-7-0x0000000074C80000-0x0000000074D1A000-memory.dmpFilesize
616KB