Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    15-06-2024 02:31

General

  • Target

    a6ba2e834e4429f7e13406cf5897a71f.exe

  • Size

    1.8MB

  • MD5

    a6ba2e834e4429f7e13406cf5897a71f

  • SHA1

    14143fc6cc6e2b6afba16e02bbf010ce93561436

  • SHA256

    dcdd775ccbbe54e21464fe274f737694641875f63157f043a7285acfdec17e2a

  • SHA512

    d04c1feae157d43b2c2e165de5f66760bdd025076e4d7c2a5527def529739479916ef0c580d5299a0c5fbdd1616a68a7b2d90ac71b5a52a27319bd6a01b95327

  • SSDEEP

    49152:4SuE32trqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3qqPKIOson6Cslny8WR6wOHstehsC7

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
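The C2 domains and the DGA seed URL in the config above are the indicators a defender would sweep for first. The script below is an added example and not part of the sandbox report: it copies the three C2 domains, the host of dga_base_url and the sample's MD5/SHA1/SHA256 from the report, then matches them against a DNS query log. The log lines, their BIND-style format and the client IPs are constructed for the example; adapt the regex to whatever your resolver emits.

```python
"""IOC sweep built from the Gozi report above.

Added example, not part of the sandbox report. Indicators (C2 domains,
dga_base_url host, sample hashes) are copied from the report; the DNS log
lines, their BIND-style format and the client IPs are constructed.
"""
import re

# --- indicators copied from the report ---------------------------------
C2_DOMAINS = ("qfelicialew.city", "mzg4958lc.com", "gxuxwnszau.band")
DGA_SEED_HOST = "constitution.org"  # host part of dga_base_url (legitimate site)
SAMPLE_HASHES = {  # MD5, SHA1, SHA256 of a6ba2e834e4429f7e13406cf5897a71f.exe
    "a6ba2e834e4429f7e13406cf5897a71f",
    "14143fc6cc6e2b6afba16e02bbf010ce93561436",
    "dcdd775ccbbe54e21464fe274f737694641875f63157f043a7285acfdec17e2a",
}

# --- constructed input ---------------------------------------------------
# BIND-style query log (assumed format; adapt QUERY_RE to your resolver).
DNS_LOG = """\
15-Jun-2024 02:31:40.101 client 10.0.0.12#51234: query: mzg4958lc.com IN A + (10.0.0.1)
15-Jun-2024 02:31:41.220 client 10.0.0.12#51235: query: www.gxuxwnszau.band IN A + (10.0.0.1)
15-Jun-2024 02:31:42.305 client 10.0.0.12#51236: query: constitution.org IN A + (10.0.0.1)
15-Jun-2024 02:31:43.002 client 10.0.0.15#40011: query: update.microsoft.com IN A + (10.0.0.1)
15-Jun-2024 02:31:44.777 client 10.0.0.12#51237: query: notmzg4958lc.com IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name):
    """Lower-case and drop the trailing dot so 'MZG4958LC.COM.' still matches."""
    return name.strip().lower().rstrip(".")


def domain_matches(qname, indicator):
    """True for the indicator itself or any subdomain of it.

    The leading dot in the suffix test is what keeps 'notmzg4958lc.com'
    from matching 'mzg4958lc.com'.
    """
    q, d = normalize(qname), normalize(indicator)
    return q == d or q.endswith("." + d)


def classify_query(qname):
    """Return (severity, indicator) or None.

    C2 domains are high severity. The dga_base_url host is only
    informational: it is a legitimate site that the loader fetches for
    its DGA word list, so a lookup alone proves nothing. The dga_tlds
    (com, ru, org) are deliberately not used: they are far too common
    to alert on.
    """
    for d in C2_DOMAINS:
        if domain_matches(qname, d):
            return ("high", d)
    if domain_matches(qname, DGA_SEED_HOST):
        return ("info", DGA_SEED_HOST)
    return None


def sweep_dns(log_text):
    """Parse the log and return one hit dict per matching query, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # unparsed line; in production count these so parser drift shows
        verdict = classify_query(m["qname"])
        if verdict is None:
            continue
        severity, indicator = verdict
        hits.append({
            "ts": m["ts"], "client": m["client"], "qname": m["qname"],
            "qtype": m["qtype"], "severity": severity, "indicator": indicator,
        })
    return hits


def is_sample_hash(digest):
    """Match any of the report's three digests; file inventories differ in algorithm."""
    return normalize(digest) in SAMPLE_HASHES


if __name__ == "__main__":
    for h in sweep_dns(DNS_LOG):
        print(f"{h['severity']:<4} {h['client']:<10} {h['qname']} -> {h['indicator']}")
```

On the constructed log the sweep raises two high-severity hits (the bare C2 domain and a subdomain of another) and one informational hit for constitution.org; the look-alike notmzg4958lc.com is correctly ignored. Treat a hit on the seed host as corroboration only, since any browser visiting the site produces the same query.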

Signatures

  • Gozi

    Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan. The extracted config identifies this sample as the loader component (exe_type: loader, build 214062, botnet 3184).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6ba2e834e4429f7e13406cf5897a71f.exe
    "C:\Users\Admin\AppData\Local\Temp\a6ba2e834e4429f7e13406cf5897a71f.exe"
    1⤵
      PID:1152
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2940

Network

MITRE ATT&CK Matrix (ATT&CK v13)


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8da0d9b13dbac2242250c935074c8dbb

      SHA1

      2308e53c7c2521907b314d652dd1ee606aa17720

      SHA256

      dcc63333d1f2ec90c552cc16e76f9aaae5c24b1592297b9ca3af79332f6cee0d

      SHA512

      946f8d60b3ce19025310c5c77236725d5b17f95eb56aae10d840fd28f611d5252749ad8db5eb05f01681f0c5fef0428a618c86b6ec03c666218b6950ea6c54cd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      697a8b30690f84c9034a4749596e75cc

      SHA1

      618d90b5bfae638d7a1ee88d9418d8baae38e2c4

      SHA256

      6bcf7a9ea8b4243fce8449946aed2884b98e4c6ece8381752c3f80c2e47992dd

      SHA512

      577dba2cc04e5f468b7b9915e9be25ae17af22e9918f6d0627b6aa2ab510b8635789eda6b429b60da32fce3cf8582f6514780d6de1c088eb88a9e099b15df715

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      40723a868e94c995001df0680100f19f

      SHA1

      6d4a00b3e6e1f2b49d6324b08956f08bdadd09f0

      SHA256

      9c950f2c3af41768b80d4edcbae7b2d1c8fcc6cec68789117dce840f185c57a1

      SHA512

      78ca4340dac141355dd5faec4ba7a3d153db1ebb0273f285d7aaea695efc7b56b2b3a7763b1194e19bb12f4a6cc72fd7c5705585b0c65ea8cfab4a6dc1c47760

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d74605e3ad2a6ca936884368f886da80

      SHA1

      746151dac67e70da4054b0287510b2ffb8da52d1

      SHA256

      91b4f3315ef66680770c2989bbb2f37fa11e0d56b171fb245aeb25905a4cc513

      SHA512

      3b5d8cdea6109d802d8cce55ac81d330d9a5bab769e9dbfa63be005a7309217118b793d05eff634deeced5e5aa556bd6af66d0621ca15f2b1f7fcf3b732c7263

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      244f217165ab93547120ea78f3fc0eee

      SHA1

      c6cd6b88251c2f9e6ff481362885011b90600b7e

      SHA256

      1258d636f57916e105d6ee9721f1fc039d1f02ec75b82d44f716eea492aae72b

      SHA512

      faa20c88243f722a3f48c84c4f34b0a1e399203acb02fdaf986fed1698f854dae042c28d9f3d6a278190bc45716d77ee9ec056bda049a106d21e7d02cff67df0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41eccc1d8d25db021d659f9a12dd8e07

      SHA1

      78907b54db5885a566634d7e56ff5faaa041f837

      SHA256

      776223168d05ed0375848d42ea97016e61f9d8f0a137ecfae44f327679c4da80

      SHA512

      e83f2c5f545d9106686df2bba845dacc89c69286e8dbe9c4fd4fa9516aa5f560b1b71a6803d64dd1178550c01f3df26172428274c7cc6147906479d7119a7e97

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6f05840cc6b5c10712303212c9b85292

      SHA1

      fe8b93f8f1cc55b54162fb78efed36810dda09bd

      SHA256

      980e0c4cf9bc202696ddde83e3b26b104fb1c08727a3911617af1693617a7284

      SHA512

      6f165162ff6999537f64df3c9727e5e372be715c91fafab3213b28f2866d2761d1c9d6466bc1ddf54e5d3fdd4bccbe040be5fcc02af83f002469f085da65df04

    • C:\Users\Admin\AppData\Local\Temp\Cab1E5C.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar1F69.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • memory/1152-0-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

    • memory/1152-13-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

    • memory/1152-8-0x00000000002C0000-0x00000000002C2000-memory.dmp
      Filesize

      8KB

    • memory/1152-4-0x0000000000290000-0x00000000002AB000-memory.dmp
      Filesize

      108KB

    • memory/1152-2-0x000000000058F000-0x0000000000594000-memory.dmp
      Filesize

      20KB

    • memory/1152-3-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

    • memory/1152-1-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB