Overview

overview

10

Static

static

fattura.exe

windows7_x64

10

fattura.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fattura.exe

  • Size

    269KB

  • Sample

    200424-kslx8qlksa

  • MD5

    9314c16d93a3ea519de0e30d89033b15

  • SHA1

    c1ee1ae4a767b7f0c86e709624c6efdd38ea5198

  • SHA256

    4f9be4851740b6d20406aca8c7f65916e4ec041f839d24e302165fe12b25b973

  • SHA512

    f1a956acb4c570275b1447b6d576b209664396a4b5000719554dfc5f322046ceb35c7e8649f1dbe4f64610917c633975c1577db33d40bd92c12b0d9a0c333dd2

Score
10/10
gozi_ifsbursnifbankerevasionspywaretrojan

Malware Config

Targets

    • Target

      fattura.exe

    • Size

      269KB

    • MD5

      9314c16d93a3ea519de0e30d89033b15

    • SHA1

      c1ee1ae4a767b7f0c86e709624c6efdd38ea5198

    • SHA256

      4f9be4851740b6d20406aca8c7f65916e4ec041f839d24e302165fe12b25b973

    • SHA512

      f1a956acb4c570275b1447b6d576b209664396a4b5000719554dfc5f322046ceb35c7e8649f1dbe4f64610917c633975c1577db33d40bd92c12b0d9a0c333dd2

    Score
    10/10
    evasiontrojanbankergozi_ifsbursnifspyware

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks