Overview

overview

10

Static

static

presentation_w0i.js

windows7_x64

10

presentation_w0i.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    presentation_w0i.js

  • Size

    1.7MB

  • Sample

    200214-8z8vnjqrp2

  • MD5

    5f43c62e7265604f3aec3b8b28a0a451

  • SHA1

    a3fff87307b9b6430004e66985146fb4d36688ab

  • SHA256

    6283406c2c25eb5d8213b9f02887c8131054ab46698d302b1ae12baddc512199

  • SHA512

    f69e7e1ab0e7fe37312c97909e8ddde2046694fc8b25f7eff1a774da2c84ec39e15a82cc71859412218a8b3a3770e1a1056fb5fc2891af2f7c78e03100593533

Score
10/10
gozi_ifsbbankerevasionspywaretrojan

Malware Config

Targets

    • Target

      presentation_w0i.js

    • Size

      1.7MB

    • MD5

      5f43c62e7265604f3aec3b8b28a0a451

    • SHA1

      a3fff87307b9b6430004e66985146fb4d36688ab

    • SHA256

      6283406c2c25eb5d8213b9f02887c8131054ab46698d302b1ae12baddc512199

    • SHA512

      f69e7e1ab0e7fe37312c97909e8ddde2046694fc8b25f7eff1a774da2c84ec39e15a82cc71859412218a8b3a3770e1a1056fb5fc2891af2f7c78e03100593533

    Score
    10/10
    spywareevasiontrojanbankergozi_ifsb

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan

    • Reads browser user data or profiles (possible credential harvesting)

      spyware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks