Overview

overview

10

Static

static

my_attach_w6a.js

windows7_x64

10

my_attach_w6a.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    my_attach_w6a.js

  • Size

    3.5MB

  • Sample

    200510-e7dkvxd5mn

  • MD5

    41f0a90ea0ea504797e3532855e0f84e

  • SHA1

    f1bfd6388010c52ffeb7ad715777d336606578f2

  • SHA256

    f9618a3874287470fdf554b82d5466a6c2a39344ec24c0eb82ad810725954a8d

  • SHA512

    50c5099240adbf4b1c4ccd4084ce17937ec7e64aa2cb4a43fa1f674396660e803fcc8fe8dbab1e0f378e15cd932fb92bcded637fee1921fe627da8aebf24956e

Score
10/10
gozi_ifsbursnifbankerspywaretrojan

Malware Config

Targets

    • Target

      my_attach_w6a.js

    • Size

      3.5MB

    • MD5

      41f0a90ea0ea504797e3532855e0f84e

    • SHA1

      f1bfd6388010c52ffeb7ad715777d336606578f2

    • SHA256

      f9618a3874287470fdf554b82d5466a6c2a39344ec24c0eb82ad810725954a8d

    • SHA512

      50c5099240adbf4b1c4ccd4084ce17937ec7e64aa2cb4a43fa1f674396660e803fcc8fe8dbab1e0f378e15cd932fb92bcded637fee1921fe627da8aebf24956e

    Score
    10/10
    bankertrojangozi_ifsbursnifspyware

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks