Overview

overview

10

Static

static

3.exe

windows7_x64

10

3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3.exe

  • Size

    142KB

  • Sample

    200713-lgszt6yelj

  • MD5

    5105430437588f8878da6957bc8c3119

  • SHA1

    818651e37ef71701165c3eb03c5c1813c1047b32

  • SHA256

    d5ccf9039136d23649240cd3879f6e9d40dae0dff2a5cfcdefc8535f93587c38

  • SHA512

    3149a53bc48feea00ce6067cf5bbe94ae5b65e933ffdd5ae4139d217c2e7e7e65fa636ab021d9a374e091a791c952e6f995e6cb923ddbfcc33d4d1e575e528b1

Score
10/10
gozi_ifsbursnifbankerevasionspywaretrojan

Malware Config

Targets

    • Target

      3.exe

    • Size

      142KB

    • MD5

      5105430437588f8878da6957bc8c3119

    • SHA1

      818651e37ef71701165c3eb03c5c1813c1047b32

    • SHA256

      d5ccf9039136d23649240cd3879f6e9d40dae0dff2a5cfcdefc8535f93587c38

    • SHA512

      3149a53bc48feea00ce6067cf5bbe94ae5b65e933ffdd5ae4139d217c2e7e7e65fa636ab021d9a374e091a791c952e6f995e6cb923ddbfcc33d4d1e575e528b1

    Score
    10/10
    bankertrojangozi_ifsbursnifspywareevasion

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks