Overview

overview

10

Static

static

my_present...c1l.js

windows7_x64

10

my_present...c1l.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    my_presentation_c1l.js

  • Size

    3.8MB

  • Sample

    200524-kvesg7xlsx

  • MD5

    763c2375aea17fffc6c0e24c2808570c

  • SHA1

    10f7b2d55a9a10902b91fb1c0e632e7db257006e

  • SHA256

    e4276d8f476bc00d0e1b946a5e4da025575753c7c1b4bbff3408f8a07461f72d

  • SHA512

    9a59f0c887368105ff7a5a329a775ff107a7e9ed306d56e4471aa4f7258b581ecc7960edb0ce89dbc411b23244fb45e561b4e2debbd71699df77467e2bd68beb

Score
10/10
gozi_ifsbursnifbankerspywaretrojan

Malware Config

Targets

    • Target

      my_presentation_c1l.js

    • Size

      3.8MB

    • MD5

      763c2375aea17fffc6c0e24c2808570c

    • SHA1

      10f7b2d55a9a10902b91fb1c0e632e7db257006e

    • SHA256

      e4276d8f476bc00d0e1b946a5e4da025575753c7c1b4bbff3408f8a07461f72d

    • SHA512

      9a59f0c887368105ff7a5a329a775ff107a7e9ed306d56e4471aa4f7258b581ecc7960edb0ce89dbc411b23244fb45e561b4e2debbd71699df77467e2bd68beb

    Score
    10/10
    bankertrojangozi_ifsbursnifspyware

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks