gozi_ifsb | 385f77e0604e9926408a261fb3e56268f60e0fda4f124f2d1b0c1b45d106bdc0 | Triage

Submit
Reports

Overview

overview

Static

static

job_attach_h6x.js

windows7_x64

job_attach_h6x.js

windows10_x64

Sharing

General

Target

job_attach_h6x.js
Size

1.3MB
Sample

200417-vgrh6xlvl2
MD5

c9a6a820f7d344bfd42471b9964049a8
SHA1

bdc1669dec4e00d2d76817379b7b5088fadb471b
SHA256

385f77e0604e9926408a261fb3e56268f60e0fda4f124f2d1b0c1b45d106bdc0
SHA512

8b5d2d1ad55b942a5158036530c7c92cdb7318b4e878ff4d3e31d891b5b4a874914860c708d056b0033872cff006ce542ebdd79d04d13249e9c63c7f2622fa8f

Score

10^/10

gozi_ifsb ursnif banker evasion spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

job_attach_h6x.js

Resource

win7v200410

banker trojan gozi_ifsb ursnif spyware evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

job_attach_h6x.js

Resource

win10v200410

spyware banker trojan gozi_ifsb ursnif

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  job_attach_h6x.js
- Size
  
  1.3MB
- MD5
  
  c9a6a820f7d344bfd42471b9964049a8
- SHA1
  
  bdc1669dec4e00d2d76817379b7b5088fadb471b
- SHA256
  
  385f77e0604e9926408a261fb3e56268f60e0fda4f124f2d1b0c1b45d106bdc0
- SHA512
  
  8b5d2d1ad55b942a5158036530c7c92cdb7318b4e878ff4d3e31d891b5b4a874914860c708d056b0033872cff006ce542ebdd79d04d13249e9c63c7f2622fa8f
Score

10^/10

banker trojan gozi_ifsb ursnif spyware evasion
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankertrojangozi_ifsbursnifspywareevasion

behavioral2

spywarebankertrojangozi_ifsbursnif

© 2018-2024

Terms | Privacy