gozi | e33c1276938039d18d6feb813ef494458619f6999374e31f05a2b5a74e012ab6 | Triage

Analysis

max time kernel
142s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 14:01

Sharing

Report Analysis Logs

General

Target

871119561025c22cce7c161a408993fc.dll
Size

461KB
MD5

871119561025c22cce7c161a408993fc
SHA1

d253f17e53f52cbe0978fd88861e560db55dbb12
SHA256

e33c1276938039d18d6feb813ef494458619f6999374e31f05a2b5a74e012ab6
SHA512

fa861cdb73bd57fde9a2a3bf173213a950464e85c9ddbe2bf5e17ba38c8985f631fe41b9bdf6f4279215ef83c3d35f431a3ea50979170d9754a1fe7094f8b88d
SSDEEP

12288:mxIkdQI90tC1o4imB/QD3Jv58kEPGxU3aV+2d:5pI90k3imB/Q1mZ73a42

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2608	1916	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\871119561025c22cce7c161a408993fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\871119561025c22cce7c161a408993fc.dll,#1
  2⤵
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-0-0x0000000074660000-0x0000000074772000-memory.dmp

Filesize
1.1MB

Download
memory/2608-1-0x0000000074660000-0x0000000074772000-memory.dmp

Filesize
1.1MB

Download
memory/2608-2-0x00000000001F0000-0x00000000001FD000-memory.dmp

Filesize
52KB

Download
memory/2608-5-0x0000000074660000-0x0000000074772000-memory.dmp

Filesize
1.1MB

Download