gozi_ifsb | 6d779d0b5bede913b065d80a8bd84e2797b07ee6e9acf2edc419b9d0a471a761 | Triage

Submit
Reports

Overview

overview

Static

static

open_prese...g8l.js

windows7_x64

open_prese...g8l.js

windows10_x64

Sharing

General

Target

open_presentation_g8l.js.zip
Size

206KB
Sample

200417-aq8a437tz2
MD5

104b9d4400b1eacdf0f7ba6c6f043a57
SHA1

9a5e375791f213f930bc81b8ab9575093b2d7ed8
SHA256

6d779d0b5bede913b065d80a8bd84e2797b07ee6e9acf2edc419b9d0a471a761
SHA512

692e9a3031a372d1bdd5bd62055388af1f76cb017da9c39b7abfc21014dd4d81fe7c46b12bb4dec751e2270cc21e54d3553ae62a71b24fb1a8c7b52ee4b758f6

Score

10^/10

gozi_ifsb ursnif banker evasion spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

open_presentation_g8l.js

Resource

win7v200410

banker trojan gozi_ifsb ursnif spyware evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

open_presentation_g8l.js

Resource

win10v200410

banker trojan gozi_ifsb ursnif spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  open_presentation_g8l.js
- Size
  
  1.4MB
- MD5
  
  58da4d0d9bdde0fcecd9d244ced71cc5
- SHA1
  
  15122a24648096af45215fa4bfa55f36a432088b
- SHA256
  
  e8d7ff11016b3a8f8b3c3e07b3895ff9e9d286aaf45bcc41907b701d7af1bd85
- SHA512
  
  346233e19159d7228d1905b645d4b7d6682230f3cccdce04284f1433d2d935c57c6d332364b65334edc374de0aab2c7451dde1448e7c59fc026a0e0b0567230f
Score

10^/10

banker trojan gozi_ifsb ursnif spyware evasion
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankertrojangozi_ifsbursnifspywareevasion

behavioral2

bankertrojangozi_ifsbursnifspyware

© 2018-2024

Terms | Privacy