Overview

overview

10

Static

static

3

c05f4aeb60...a3.exe

windows7-x64

10

c05f4aeb60...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c05f4aeb60fb3c7f2f91d00fc6e6065e1da72c3c14a27ed5f6208251512f7aa3.exe

  • Size

    1.8MB

  • MD5

    6da22b8fe318fb2ae4ffa3441775ad02

  • SHA1

    1c04233c22c101dad738305570f20c3cc2006a47

  • SHA256

    c05f4aeb60fb3c7f2f91d00fc6e6065e1da72c3c14a27ed5f6208251512f7aa3

  • SHA512

    c6c059a3bdbd72f29d5ca4336ab883f136ecb644d027b174559cf91594417dd465f02cd614129940bd17e9f5025f586409a7a61a15ebd67a4921cd30da8b77fa

  • SSDEEP

    49152:4SuE3ftrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L39qPKIOson6Cslny8WR6wOHstehsC7

Score
10/10
gozi3184bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c05f4aeb60fb3c7f2f91d00fc6e6065e1da72c3c14a27ed5f6208251512f7aa3.exe
    "C:\Users\Admin\AppData\Local\Temp\c05f4aeb60fb3c7f2f91d00fc6e6065e1da72c3c14a27ed5f6208251512f7aa3.exe"
    1⤵
      PID:2196
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2664

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      34354f91d80bc0db22ed6f39fb6bef4f

      SHA1

      030e25338de273dab5d56976e34c1bf09eb1997c

      SHA256

      11540911635a75183dd75d1c7aab27c9c1345192ae6a3e546cf594aeb3ea340e

      SHA512

      d9272c2eb4bc469bc3148a7602031fa112c3bd939e6a8a92a56a2c980c37ab54dabb3fe3305627d81f6ea811ee2bfe49ac2deb5854a26b3255c6be1bbfb28a6d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c82e3b2d238d9de1c6e279edd33e327

      SHA1

      6817274973148c1c3efee5cdcae69dc1b865868e

      SHA256

      402b7caaf2c153c319633e13ab2ec9d12a53c9d9b7e523b59c312576fe039d34

      SHA512

      739a7cbf9ad01f03b15147d6ed182ca943b91461ab381b5c78de0041cf78399631a1727b01b54456de28928d7d8dbbf06d415e427d3f1008ba89c807f67fd0fb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e09896c55410fc1ebb5a0cf157684d7c

      SHA1

      742db5e1d8f515ed4196bb5f8b083961c0c64ed5

      SHA256

      defb5886ce415ab06050cc64392cfdbdc571fdc1341e7321e238d08d31bb6c2d

      SHA512

      f6949ba62fcebcafce615630477c0120f3634a5ce850b4811cf0a4d211dae92ef24c71af8d4f15fb685719cdd326f4db38135b131236e6d75a56c20c140dd380

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      83f562bc40ae7f37409f3e7327384ae4

      SHA1

      58ec8a91941ca0f9e6ba2a97d0ed118ea98c3dd4

      SHA256

      4c8e1cf1884e1151e39945edf193e9b6a510b6f62c82b9f56a03113d9ed2779d

      SHA512

      9c71c6e8b5e387c6dd6f64a035f4ef1988a266d042146e071a01c1642f7aef5630de899b404570a5431d3c2327995cae33710b90863ceea606a74dfcc6bb5a9f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      29c1ed1efa752326d5aa861422a3f9a2

      SHA1

      810052975447b27b51515ebb068546425b68664a

      SHA256

      b2eb2eaf794db6f38197109bdd5d25b4cc43111833fbd036552fecd39c706b53

      SHA512

      53efdccd9d7e45e4d3cc02e7fc00487227a1940e5c46b5437025348b4c751b6f533ab9b72fd8ee37af1f37f4d10d83e4d82708867fefe149e380d29c8dc6341d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      efff0d70997c69978d803ed1dbce5515

      SHA1

      bf19426cfaf05b2654f72197496aa9bcd20d0faa

      SHA256

      b2798801647a933c095374ffd0edab3eac52d4cd1793bf7c2bce4a9c5b095688

      SHA512

      45fc9d49c60ceb1ed4d7cc54e84044c7291057d156119eda2ab323680138f303136a2abfb5575a828b63381540b7ea556091a663662a99d0f00922f662ad2a06

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4525ed4202cb1e846940c992b8e0d0ff

      SHA1

      2a5d4db0a837d21b2ab56ef7a8eab6e4a155643b

      SHA256

      ed7f1e9e7bdd1020c53473af2835d7f4304b8db2a065f854486970d4d9a1aa1f

      SHA512

      1bbaad85faf94bee569136df6012fb8797342d2db9b473d4b21d96bbbb839c14cca1bd36fa4636f984796573281cad649aae3f2b905db12fd71896ded0569ab2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3915fd8827e3aa66c3e2d53597a9195e

      SHA1

      887fb528dca88b85861bf272975262c58e32f3f9

      SHA256

      0ca2aafb6542e66a4cce375d055140460aa9b8f54262adbb74709be9dcd7203c

      SHA512

      06bf49c32d8beb8f9d6745ba700b058072d5aea4558d5835328995a20bfac016e0b3fc9c192d9113213e621bf0587d8677efde234662b9f9f273aa63d94757af

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fda0f12a73db9a4e438b79c85e3dca19

      SHA1

      ccc94e5d119a78c3e9f71e0ff4debbdf00a96d42

      SHA256

      2a2048b022bde582e749e9da029045cf862cdf6f97f2a47f66b8019cbb399e18

      SHA512

      ea583d9cb8253108a83c67c720169eec8e4748c4e4aa40857512cede07f81b89d6cfc13079e932c63fc9945167a107a367165e55a5631a816e32f128984ab034

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA4DA.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA5CB.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2196-13-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2196-0-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2196-4-0x00000000003A0000-0x00000000003BB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2196-2-0x000000000058F000-0x0000000000594000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2196-1-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2196-3-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2196-8-0x00000000003D0000-0x00000000003D2000-memory.dmp
      Filesize

      8KB

      Download