Overview

overview

10

Static

static

3

0306ee717c...73.exe

windows7-x64

10

0306ee717c...73.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0306ee717c581c62eedb21eb4c1b82a64b641d60d71453344419d4944e410c73.exe

  • Size

    2.8MB

  • MD5

    5cbc91e005da99324b10e23bae3b9427

  • SHA1

    beac657232e55493546b8bff5d7636af4e1efc24

  • SHA256

    0306ee717c581c62eedb21eb4c1b82a64b641d60d71453344419d4944e410c73

  • SHA512

    7dd16a565d48b8e05450399b0063dc899bb64c2c119b3599cf5d5fabd86099f0bd4759271a35b7d52007f210de55760f92380bef97351ac95a3a33eb01c237de

  • SSDEEP

    49152:zACqIwBXHuZStR6BohzEOZ/VEoyJGKQkQ0oTW:zACXeXHfH6WVEo4XQ0o

Score
10/10
gozi3555bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    217111

Extracted

Family

gozi

Botnet

3555

C2

settings-win.data.microsoft.com

v60yuuu1415.com

jlb81hdvernon.com

b99vxjju.com
Attributes
  • build

    217111

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0306ee717c581c62eedb21eb4c1b82a64b641d60d71453344419d4944e410c73.exe
    "C:\Users\Admin\AppData\Local\Temp\0306ee717c581c62eedb21eb4c1b82a64b641d60d71453344419d4944e410c73.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2496
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:472079 /prefetch:2
      2⤵
        PID:2120
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2440
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1916
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2596

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f7d58f1774b68d0dd5f2ccf8000145c

      SHA1

      34602f6afc7711b040194d29f57200056a5184cf

      SHA256

      9e74f52c11e5a1d99aee354a14c8d059df8637d9ed543cf24a8546b0ce37acd6

      SHA512

      199a8c6d2bbf83d99d0375ba89bd91bb805aa961f4398a4919a2f11abde22ac83faf385c33e91132d93dfa12ae8d462f3b10bff1e03762c45a8538a8cc5304c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      acc8b25503c3dbc783907f4605aa3a2f

      SHA1

      46616c2a144144ed8541e4edb26155055a6bb9bf

      SHA256

      f7cf5508815b829b9fc1985b64b6cef7fa1be278cebc8a4c684ff2c95958620f

      SHA512

      e881c0c7194aa2055a2d72f6a198d21ad15f504dd85b977e08de8423d67c6efb103b65040426bed6e9ed0b4d580d92d420ee4f9c64394c86dedd42530d6c90bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d9d75455cce9273d6a615a631ddc2ef

      SHA1

      0077b372ca88807eaca3989bc855fe29e5fbcf72

      SHA256

      2b1950e8f3e8fa7f02bb00564ba4311f9d5336fdaa02791d3befd4d043e402cd

      SHA512

      0afd5e2940690ba498b76d55cbe3ba14e2f3af6f0bad504f55e5baecf2f5ff6361117fba49d4757d6d83f109bc1d653582b5e05632863399b6e0a1e12864e1ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      337051608682046939c1c4b2cc684d38

      SHA1

      827a4e701ae7206299cc074ed09ca08a96f4cd53

      SHA256

      14d88388008c2e2abf1bd879a22792f44714fef7c73c7834a5a199a2fce97219

      SHA512

      02d4fc0a39e90865eac39eae71bea0a8509b62b6cf44e12767738cb979e0501b834554f8c7804427ab4af87e8b67312cbd411fca2126adfbc60a81f39dfca268

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d8558bffc596ac35a3b082baceeca5e2

      SHA1

      d5ea0563d7ed0fe1a549953c418cb1065e9b34d2

      SHA256

      8b8ddf2c153d8c98fa4f2993490a686ecf3f0a5167e103683a00af0fb55eb8ec

      SHA512

      dd0675ea5599168de23f9a105cc43862166748368a602b6c1301a3f7b1860d51a7aae036939c650c789d011653fa2baa3ad60174b6a8ac0da63ef032794ef7fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a9bfe69f6b31d1dd4d603c22c30e6dd

      SHA1

      bc50d926759d0646c09076d05a6b6c23d297251e

      SHA256

      61c6397edc1e2c0f3bb21843cc7b77b83874e8fc9315b42f6b17e83ef0a572f9

      SHA512

      00fe9c2f4101d36ed2690688a1e0713de5de040fcbd964bc96290bf6e6e2cc21267a012800d44225c8bdb9ee9581c41545a9eff1bd5c3e25e68e4f31608cb0bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bbef5826d4ac6ca590ce66a80dd05ff5

      SHA1

      cc426cd065b57cd1174758a9bf6efb63ae59e273

      SHA256

      18786df2bba1dcf72b3a86d295272354b299cdd46dfae4fb655e50062b83be2d

      SHA512

      c2afb674a9f87ce8ee3866bcd8d99fad602698b4b8f3c49937eb97a1d321611417a24a1c8f4dc0b014829720085ec357273d6666a62dcdc5028e8b49c396d93d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab180c30fbec96a3910416eabfdbec87

      SHA1

      89afbbdc64b81efc5c3d0650d1c8fd0cba63970b

      SHA256

      ba4adfc9e7a180113bcfc621df5c13214510b4f40173a0f05037cbf6929517a2

      SHA512

      023c26119fb2babbcf45c85db3a33ce6cb5214f1d794d55457a6fa09f0c986d89bb3c50510b113b165599560da32a6bc4a7fb682fed1668ed9e96f4e5df7895c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2c7f4db56f5612dece7817e8fac31ed9

      SHA1

      1f39f8781b25d95c58439f0f214fa02d3fa9693b

      SHA256

      ab399872431d2c53be7e91abb68bf98ac6a100291805d8e9489455fce5aa184e

      SHA512

      6c33e3515ecc50a368ebea1736bd0104605f26d5c5b8962e2f5b07af2f2fc44212cc0b30fd3e313fc0fea5136936223dbade02e08801bf912e42a6cf10134c99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      296754ce5cb403edee168a1997c4e436

      SHA1

      174e84b659de634f48015f448142d2bb9803482c

      SHA256

      ff135f5c4871a6b7e6a2fc580efea6d8830fc6b18226f4c731dacb425c3e7b5b

      SHA512

      bb98092975db21c4e8106dbbf323786f233da07015ed0ce784fb42a178b7e5a146f485d4bc16e39f4fb07fc172c7bb79399605d097195ae47fc3d1e1dcef0cd1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f3d15832dfce32c8e2584c91b0a93ad

      SHA1

      e248ca7c5a72ccb1f75cd1f958ba36b5c210c7fa

      SHA256

      79ec2c0049cb307c487a15bab061729fb1a28b3773eb26d8a31f48f6c30dc21d

      SHA512

      87dc19cbd06e9388607559b8f0b183a0784d0403b02ee1bf52d8deb2c0d9ec5c62312b0e6ed6f538cf9fe181a811c623d2239b07fefb94382fb91d31b405a20e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d90af119e7e95dc61d6bc84cc4f81534

      SHA1

      8e6a573723796ab7cbfa01061e995c5cf6037cad

      SHA256

      4c6623e9887a6739a3f05609bbf998939769d8262a6d6ece656d7fbe3dd706e7

      SHA512

      70643d7e65e8c60fd38435f9fd913762b2416b00d78fc9667b3d962aee678cba49e861784e29bdb55043dea58bc111139756ef3259fc70421664c7a2a75dddb5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      67a58773b68d072dd22420bb6508cc7c

      SHA1

      98b8794474de6624a643fa5f216fe721a58e7544

      SHA256

      06ea1f1c95eb95dc377a3fbc1cb03e9bc280cd40e0fb3347fb22a16bf7a17666

      SHA512

      c3816142cddb451da776f1337eaf3dbfd8b2f3a36c7860759c8aa55b6daba9ff67175837fdf27c20c392888c65a9632a3026372e68617edf4c6934031e47fcd0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      db394e138f2b00363b7d714f17ae84c0

      SHA1

      5f768aa33abc9c8bd9752faefd531c07342676de

      SHA256

      522b83865c2f968711e60709901e725477ba10c031b93c10b361c221b2e04953

      SHA512

      8ee9dcc27aa28d09b80151f2becc19e906e4bf628f9561af523c8a80590f38dac7b51fd9f4f420964a4d2b65014a9f564d63a88257e8728c0090072cad75c3c0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8c4691a8009fb1b9bbb85b95ea28fc41

      SHA1

      e4ab9d34d035fc51eac72bf4d1832eb1819a9c89

      SHA256

      770fabe5e724b91d855e83151a1ce66d0cdb9e1641d64157d806a546aa9d099b

      SHA512

      bc9cdc830ee4bb938f824c86c7e5145219545a2954492c865334c27b3eeddcbeb5d739dc0d3d3d5f874bc9d59da319740a9fb0f17ac139a2995d78641d6a7fb9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46394d3c4bc887df374a18d197e11a4a

      SHA1

      492ba01a5916d5c1c3a62ba53407e181c2fd3c1c

      SHA256

      71b0109ceea7b5931e9a75ade8172d3747f1c4ff3f6f266310e959442db8b07b

      SHA512

      cff2cef2820904d62887ad4a02b3068ff9b54f07f6660512df90fb94ba84260dcce017b8e20f80d70bd58340452f750c2550fb3ea2a5b9e389557b9d1a05f2f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      506eee97ae7f78eedd89318b17d04e79

      SHA1

      7062101cf817ba7813aeeded7685a8681c85dc13

      SHA256

      ebebd8763b29dda28a0e84bafbebaa9735ca38d9b31cb6f4d9664e4058158bf4

      SHA512

      12337cfa7592ca809ae884481b7042419c46ccf0030c393f8c0baead05b7723144d0e9986d600a846a277ba0b5a074881a8d579cf267c28af981495538bc4e90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5525.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar55B5.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF821645A213ECFEF8.TMP
      Filesize

      16KB

      MD5

      ce27f199410a66669b2fc7dcaab803b8

      SHA1

      ee1df22f9d7bbbd1b77f925da4eb50da4f5254d3

      SHA256

      08d560c6447865dbc79f787b36c9cadfbebcabccf97a8b374bc3268ebefee19f

      SHA512

      a89f5dfa58996ea9329455a58e2aa610ee124dab6df30cd48e9bbc7665f0214825ead7c51c88fb0f8f21d43d67aef6cd5edf69fe3f2d04768cf22360d3764aa5

      Download Submit

    • memory/2496-9-0x0000000000190000-0x0000000000192000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2496-0-0x0000000000CF0000-0x0000000000CF3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2496-1-0x0000000000A60000-0x0000000000DE8000-memory.dmp

      Filesize

      3.5MB

      Download

    • memory/2496-2-0x0000000000A60000-0x0000000000DE8000-memory.dmp

      Filesize

      3.5MB

      Download

    • memory/2496-4-0x0000000000160000-0x000000000016F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2496-7-0x0000000000CF0000-0x0000000000CF3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2496-8-0x0000000000A60000-0x0000000000DE8000-memory.dmp

      Filesize

      3.5MB

      Download