General

  • Target

    legal paper,07.20.doc

  • Size

    113KB

  • Sample

    200707-laq6l2rmaa

  • MD5

    98341eab8607f90087b100cd4863be58

  • SHA1

    8b0b489829cd54470c62356a20910d77169c3f8e

  • SHA256

    8b9589e1a515f7019b28af81b00b799728917260d5ce35e1e3a6db57e26903fc

  • SHA512

    37b009dc27fb5e8902f4d4b65d6a75eb812b92b1a06cca473cd471c2d468ad80b34fb5fc58c977d2ea6c0d6881ce65932b2a89022615810f966006748e11e6ff

Score
10/10

Targets

    • Gozi, Gozi ISFB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL
