Overview

overview

10

Static

static

my_present...q2n.js

windows7_x64

10

my_present...q2n.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    my_presentation_q2n.js

  • Size

    1.3MB

  • Sample

    200602-85jg8x34gs

  • MD5

    3bfdc69fe78e172ffe8c054d36596163

  • SHA1

    ecddf99225e7fb6940270ef115b5c275f48e5f0b

  • SHA256

    77ce825e2c50017520147fce8c85173fd63077ef97a07097b53ec61df9048b83

  • SHA512

    456162fff6f4c83df925fd2ead41c24001d1ab2982f7a8bc740b7d051e1697899fe24959ebb23569a40fead8e905becdd7786fad28a651cc73baa73f885864ce

Score
10/10
gozi_ifsbursnifbankerdiscoveryspywaretrojan

Malware Config

Targets

    • Target

      my_presentation_q2n.js

    • Size

      1.3MB

    • MD5

      3bfdc69fe78e172ffe8c054d36596163

    • SHA1

      ecddf99225e7fb6940270ef115b5c275f48e5f0b

    • SHA256

      77ce825e2c50017520147fce8c85173fd63077ef97a07097b53ec61df9048b83

    • SHA512

      456162fff6f4c83df925fd2ead41c24001d1ab2982f7a8bc740b7d051e1697899fe24959ebb23569a40fead8e905becdd7786fad28a651cc73baa73f885864ce

    Score
    10/10
    bankertrojangozi_ifsbursnifspywarediscovery

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks