Overview

overview

10

Static

static

3

canon_dsc_...ip.exe

windows7-x64

10

canon_dsc_...ip.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    canon_dsc_sdrc231.zip.exe

  • Size

    221KB

  • MD5

    3820ca814fdb124f9b5cb465950f725a

  • SHA1

    5effd15953eeb165d3300679c0451a6f39a862d4

  • SHA256

    3e1ea4ffc3199dcbd8e3ab3f4d4382c364717c6551ea5385e654a735aabb69ad

  • SHA512

    c9e289d05b967dd346de2fb20d1f976b5cb0384cf8b1c44bab405cfd03ddcc8c4922a68189ad0067b983e193c146c4ff2609b460cdec51af905d6cdf3e96fcca

  • SSDEEP

    3072:fEN9PALC3+C2hdYp1Zd6Mq/5Ow7YdY9D3gMTjETxpbYspOHpkP:fJLupDZ0M/1W3ggjETTyHpk

Score
10/10
gozi8005bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8005

C2

ssddl2.microsoft.com

siberiarrmaskkapsulrttezya.ru

sibedriamasterkkmoderatordstezya.ru

massidfberiatersksilkavayssstezya.ru

dolsggiberiaoserkmikluhasya.chimkent.su

dolsibegriaosersk4ermanderezya.chimkent.su

rdosdripakloserikabyatezya.chimkent.su

rusddripakoloserufinurtdrfezya.chimkent.su

ripakteenrufinishryeuliliezya.ru

rufiteemnisripakhglassdzya.ru

rufinisrufripakhmileronurzya.ru

rurugyrfripakinishtokokusstezya.ru

rufislomnishsripakerdfnstezya.adygeya.su
Attributes
  • build

    250161

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\canon_dsc_sdrc231.zip.exe
    "C:\Users\Admin\AppData\Local\Temp\canon_dsc_sdrc231.zip.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2364
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:3814411 /prefetch:2
      2⤵
        PID:2372
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1124
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2948

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      261c22dfcb6f0d4fab22a91e093674de

      SHA1

      52485131f705117b9a1da6ae7fec50e05958cb23

      SHA256

      7beed3e9d267194358d006dc9bc5412e3e673663a120961e20021f00328ef9f7

      SHA512

      5b89daa7236d17af163ddab83b25e6549b7b3b8ef7dadbdbcb5074413414e08299eb584395574b96b862b0166c3ec1d17f6e1545c27a939b773cbba78b0fff07

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1be32115c05a83eaaae3472014e82d63

      SHA1

      92ab3c2900b1a44783ff43dc67362da01e554cca

      SHA256

      b0034195626cf8f9d08d60eee28d9c333a45de13c42fe031e614f870435e358d

      SHA512

      055a8d03b4fb2330aa0211e5c4ae50d8a3a855e1a5fc181d0b96e0a3527c31e3c79edb9266679e87b3fc18e34959a739a5285c0377faee061c82cbfc0abb9e8c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      475f4f5eb4e22ecf76ec65037c568e4b

      SHA1

      b69b8b5703c5bc352e3394502e9bca6e6b8e7b3b

      SHA256

      1f187c85b8f2f743bcc38510bcfa6224840550990fc48ce52e92688202dcf1eb

      SHA512

      2b755a7561e2a523ba4b38a9c659d72fc7ddd23aaeb5bd40d1fa311765cb66e8feaa25b533e4ae9f50345f7d3d0868ef65c7bd9d1621a2ab1ec1f4961fa84842

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b57beea85a4910882ac8dd82ccaf61f7

      SHA1

      896a539f2abfd06d9293fdfa9e0cf6e34ca4185f

      SHA256

      e266c1fa4193ebd74cd8c0932123154943bd43d5df0f8c715f1da1aa578ffa61

      SHA512

      3ef8f120eea8be64e341478c939aa2c72491cf500fe23a1ba849b516121c3a1a835a92786dd81d60d4b2f67ee59e65233d18fc5056ef244a23c6cddf3b6e0a8a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f28851d132e059f9b01526325883389

      SHA1

      312fb3b8a15a1e157868c11873f24c6582803cd4

      SHA256

      a7d75e070c0c978b5283d58ea3cc829ec24c945c8fcef181453e2d5cf43db605

      SHA512

      2e59714d911b4984f92d591063a506495cdc712937fbbc08258427a414ff278494275578d94fdf75b773afeca28410e108ecddfcd53e6ebdf8f83555b6af8466

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97a97e00fa7dd4ac8a5283649c2baa2a

      SHA1

      5ba22cd4fbd342fed1b78fe2342bf4b2826040c0

      SHA256

      5178429cee1714928a58e3ed232d2da861f112bc854dfb9c517430b2ec1f8839

      SHA512

      d3cc00b416f36036db71c2f28d2f8d5eef69a782ef87041d0dff68b7ba198ed42f2d8d9107a2d5adec5ad47e5419b9b4371795c49c94b0dcadb7983c418ef4b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9d08ae1ca452622d5e0d061421e96d45

      SHA1

      3e6ca6c187ca39311b8108f6ee5832593d93bccf

      SHA256

      a39a55e971b6262ee7c7d0220d1fdeb277643f5d4018fce5abb38eca47327b84

      SHA512

      fef5adecc34bdc26093c8a0ed7ffdd9dd9cba2c9ca5d3b5f1969cc7f36ff7317523b7c16a4bd6aadfe0a3179c618df67851889ea4849b2c8e93bffc3542ac4d2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a24a74eee611a20d1def57607fc7db06

      SHA1

      0a90031161b9a87b329ca79e519844af5193c159

      SHA256

      70edbdf286ca464720da7be714cef3cec06ed74bcbf395f4a8d0c63a6f8170e2

      SHA512

      ba79d89db1107e4fe0a127fbbad711a17f61ea57b6248b6d12cd6f4cb535b08260420f299c7003d949410c72316f10350957f9d811ed734835c3489d6e77e578

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      548a18295716b752e57c48650c992520

      SHA1

      e1946d1ae048916eff9a73cce2796e3bb7bc2e41

      SHA256

      da40333961d1d55b9a8559ec49d7f8e27955a026daa8145d678e21bc363d1d28

      SHA512

      8913e34a781debcb5ec0315e99ac780c9801593d3ef2a605b137ce03dc2168534a0edbb89a25b1e62ca8d992c44f865dda590b6c20f4fca4e27b59ce690a8d0b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab92EF.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar93AE.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFE1BCE06D047476F9.TMP
      Filesize

      16KB

      MD5

      5ba2706fda75992569054f4e19603e7f

      SHA1

      556622cc0bf5a03cdd12f33cf03ba0c2198b8755

      SHA256

      8058fac880cc04a207a2212592002d87bd9be753f4ff2a2451b546f63d688c00

      SHA512

      1df8ac0a90408ee85e9dbe169eac9325c6809ec53eee190de5e4c0e91c8eed0b07d74738dcc4af84e153ea12decf9bdf284ae9d33e4201d265713fe18c4fdd45

      Download Submit

    • memory/2364-2-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2364-13-0x0000000000400000-0x00000000004A3000-memory.dmp

      Filesize

      652KB

      Download

    • memory/2364-14-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2364-8-0x00000000003E0000-0x00000000003E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2364-7-0x00000000005F0000-0x00000000006F0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2364-4-0x0000000000280000-0x0000000000290000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2364-1-0x00000000005F0000-0x00000000006F0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2364-3-0x0000000000400000-0x00000000004A3000-memory.dmp

      Filesize

      652KB

      Download