Overview

overview

10

Static

static

pliant.dll

windows7_x64

10

pliant.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pliant.dll

  • Size

    270KB

  • Sample

    200611-3qdpbm3y6a

  • MD5

    019c152a88c2efc4c7b42458a48f7f5c

  • SHA1

    1e6cc277d46f5fd5e7b915980deb8725c4a71726

  • SHA256

    d8885ce1f08167becda151811c6519af1bac2ad835acf60c7fa1130dad28fcd7

  • SHA512

    15457c7e7406aacf90bcdb281c3b00fc0f37923dfe660f23c4889a48091f877de6f7662bc13ee7c68cb6bb7bb39c1973d71ad4a8b50769893978c5163a64cfad

Score
10/10
gozi_ifsbursnifbankerspywaretrojan

Malware Config

Targets

    • Target

      pliant.dll

    • Size

      270KB

    • MD5

      019c152a88c2efc4c7b42458a48f7f5c

    • SHA1

      1e6cc277d46f5fd5e7b915980deb8725c4a71726

    • SHA256

      d8885ce1f08167becda151811c6519af1bac2ad835acf60c7fa1130dad28fcd7

    • SHA512

      15457c7e7406aacf90bcdb281c3b00fc0f37923dfe660f23c4889a48091f877de6f7662bc13ee7c68cb6bb7bb39c1973d71ad4a8b50769893978c5163a64cfad

    Score
    10/10
    bankertrojangozi_ifsbursnifspyware

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks