Overview

overview

10

Static

static

1

60eafa94ce...a30.js

windows7-x64

10

60eafa94ce...a30.js

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2025, 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60eafa94ceb03b819234435aebd7784597eb212f6a796a4a1052b19beb854a30.js

  • Size

    1.3MB

  • MD5

    34686f47e7d2f9206fd5dab3814ed870

  • SHA1

    447fbec5fb2ffe97d839ce8ed56a75383dca02c1

  • SHA256

    60eafa94ceb03b819234435aebd7784597eb212f6a796a4a1052b19beb854a30

  • SHA512

    092c9f37b44781031cd731a7c8fd358a3de4ac8be1192176bbb558e87a313c664918cc895e6c1971138342fb4bf24423afb6398ef6431d05c24f28a7c8788076

  • SSDEEP

    6144:Zi9kVg2B54Ah7JHNhbvxPKf1wGYew0CATXH4R+LcKzwi1w3R1V8KyIvSzxRUXkjN:ZA

Score
10/10
gozi3300bankerdiscoveryexecutionisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3300

C2

addlock.mitial.at/api1

Attributes
  • build

    250141

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    730

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • Loads dropped DLL 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\60eafa94ceb03b819234435aebd7784597eb212f6a796a4a1052b19beb854a30.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -s C:\Users\Admin\AppData\Local\Temp\\AiJkqydZbl.txt
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\SysWOW64\regsvr32.exe
        -s C:\Users\Admin\AppData\Local\Temp\\AiJkqydZbl.txt
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2500
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2672
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:472076 /prefetch:2
      2⤵
        PID:2128
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2856

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      71KB

      MD5

      83142242e97b8953c386f988aa694e4a

      SHA1

      833ed12fc15b356136dcdd27c61a50f59c5c7d50

      SHA256

      d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

      SHA512

      bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      952b4d8aacd93863d57a5464549dc755

      SHA1

      edb3521692940ad463ffe88714bb8f9387a9aa16

      SHA256

      6ae7c1cce344b8ad4ec791d91c8f5ad24a5be1775a51ab71d3a81965c3b43ecd

      SHA512

      677942980ae629ce5677881691b6a26a6beae66d0043ff3df13b92f5a5abdef742b7fca8059290679b8fc036dee84aa6d1f46fadf2e403824db11bcc788bd80a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8b0eac9608f6ebcdceb5101d5ef2e79d

      SHA1

      8e0a23843cbe21236fa01d859f18653373391ba8

      SHA256

      1f679d6985523b625ce4c85b9ec7fbaf394aa28384c516ba4370d76d58e00c1d

      SHA512

      f029eef1cb530e42ef9a294574fe2fc9aa3356c3114da4a735cfba9270ec70a7d682265b7540f0d36661590f39e409e4928399a3612f929bdbb34c913d5f6db5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf027bd82eefd292fb794311becb4874

      SHA1

      f8ce01101626d3221cd5de6ed46804ec6c300d0b

      SHA256

      066a22b19e124b33c0b9856a445b06c690733f68dcbf010f0eae33821721797f

      SHA512

      bf244e15ae697c713e2f0a4f5a89ea1262417a6cbb8a2e64ac658244bca6ccbc2228294939edc6227ef36d3f46c6ff9da887576731f23b0c08e24ba9b2a0eb46

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      13b4c0e3dacfc5bc91b6bb19744b5988

      SHA1

      5fe9611b89d51ab7f2b78761b46b07aaaf6433ef

      SHA256

      8849986ed385b1b2a29b9f83d92042e4571fe3e41ea90ff1d76c625a6210b54c

      SHA512

      cd5966e02fa0fdd3d4314c9d04c7f717f34cc4d8d4834befab0fd61640fa1291f258b81f3d076daa82b7d16351f6c9af8094375217e42c0cde8c507ffd8bf2b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      815feb2f6afd9219a494db3bbcf6fc0f

      SHA1

      062970a9d4e31bcff4c356cbbf64334c2035b185

      SHA256

      75c848631ccf121b51e755d9cbf367e9327c56de3f1fd8d712a0c7a380d64151

      SHA512

      a0afabbd36a9c18e5b044c09eb457dba8a43b290ef71f185f31adc30c3241db5d722bd2952f7013bf0291c4486011451138060c9f3de78fa553d2241b26717c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cef7b96444e32eef56a93940a90d2627

      SHA1

      d6fea173afd8985c7f032c6e75bf6be525b34db1

      SHA256

      40ffa4aeab6ea35109c28d51d29a7c15804453104021bc59e502f3a98388710b

      SHA512

      e0e89cf27f9302816844454fa51735819d68c752bbf69d205ef08be6abd7da9df34190a5783d1b962713970cdc453dc3d751b608d359bedc3e64dcb759de902c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67d0ef5fb7450c45360f68e534e72db5

      SHA1

      e0518b2d062ef1ac652fbbd758c20c03fd6fc985

      SHA256

      9ef08cb42f127244a9d0c9c4b270845d2082d14024a5128f74d2ca904ca21825

      SHA512

      4bbf1edbd1aa6b60ab93c0c89853c75d248238fb4428ab3e39f44e463877003f0f5e07f1fa7320bb1a68ea874ed17bfa0be1f6b5a327efd3e07767061d9533aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0940d9710a653714a5845121cf45016c

      SHA1

      1887d1d44b0191856092f57828794b6ad888a58c

      SHA256

      dd0f4171677f4b23369f52c0a0d80e8ee27781102a06064c59fe4956c6c9edfe

      SHA512

      4219d0147b6ef657c983cc8cd08f32b5ada83503ef3b0ebf61166d33401849a194372e567020189a348c03db769b95974a84f244f02a3c6391f07af3fb2347c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      029241c0cc78d7bac60a93ff17be2a87

      SHA1

      0d454fd11238de83e638b797b4a9fbd40cc65d39

      SHA256

      f074d910e82b97c8eba9a39a8a879534b62a878405cc49f9c421678687c58a2e

      SHA512

      2778bc90c0532f41dc19143539f3173ffdac78e009809aae14afb9eb5e69a733a3a648ce85918cd537a478a3d10649abd44b19f805b7b792337a029cbb9c1fa6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AiJkqydZbl.txt
      Filesize

      204KB

      MD5

      952bc67de7e7e40d3938ae5d9118bde9

      SHA1

      c9479c7cbe08c9b9c8d022f0a9dc0d64277936e8

      SHA256

      52b9735c9182c90dcf54bb2d1ae287bd702417070fa3dd403232b0a5c26b857f

      SHA512

      667a6894b3e772822a926e6543819f351639436e6a8d98f7bc6238f77c2d3d62227ab11b3beb007326437317c52e690a62f539ce196258f6c07192acbb1565ea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8F09.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar90A6.tmp
      Filesize

      183KB

      MD5

      109cab5505f5e065b63d01361467a83b

      SHA1

      4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

      SHA256

      ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

      SHA512

      753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF2D8FA018BE41EDAB.TMP
      Filesize

      16KB

      MD5

      447ffb475c865635351461bd0cf70c8c

      SHA1

      2ebc20673b387ab4a0045352fd6ecc66dab21e30

      SHA256

      6f0e32c5e5e0f58e4408ea354ed4630d03a979172b5b9f0b14dfffdb70b3eabd

      SHA512

      2740ce90f8900b25835efdc485588243e88a2fa7fa6b06b2d8a7cba16b8e9217ea46bd43fc2c0eb8e5f882f43a4dd0c11a5df4bf89cc76a07c16ca27e52fc109

      Download Submit

    • memory/2500-12-0x0000000000720000-0x0000000000722000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2500-11-0x0000000001D88000-0x0000000001D8B000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2500-7-0x0000000000230000-0x0000000000240000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2500-6-0x0000000001D70000-0x0000000001E9E000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2500-5-0x0000000001D88000-0x0000000001D8B000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2500-3-0x0000000001D70000-0x0000000001E9E000-memory.dmp

      Filesize

      1.2MB

      Download