Overview

overview

10

Static

static

Emmett.mpa.dll

windows7_x64

10

Emmett.mpa.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Emmett.mpa

  • Size

    264KB

  • Sample

    200706-xyrhcy4e8a

  • MD5

    f2468454850c605558c6e959e07483b8

  • SHA1

    78a426659ffff4152573b41a55270a868f8220f0

  • SHA256

    f3bd51c1bd71274daa1112b90a478ab08ee9644c117cc5405b53d37b839e8fdc

  • SHA512

    5628bd8f9dcea25426b6242296cb9c34f86cfa75a36b14829d001594f040a83043f538da796fcf14d9eedc8aaac24af8a53c780ac57d524d9b90f994ec4e1180

Score
10/10
gozi_ifsbursnifbankerdiscoveryspywaretrojan

Malware Config

Targets

    • Target

      Emmett.mpa

    • Size

      264KB

    • MD5

      f2468454850c605558c6e959e07483b8

    • SHA1

      78a426659ffff4152573b41a55270a868f8220f0

    • SHA256

      f3bd51c1bd71274daa1112b90a478ab08ee9644c117cc5405b53d37b839e8fdc

    • SHA512

      5628bd8f9dcea25426b6242296cb9c34f86cfa75a36b14829d001594f040a83043f538da796fcf14d9eedc8aaac24af8a53c780ac57d524d9b90f994ec4e1180

    Score
    10/10
    bankertrojangozi_ifsbspywareursnifdiscovery

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks