Overview

overview

10

Static

static

wellwishervcf.dll

windows7_x64

10

wellwishervcf.dll

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wellwishervcf

  • Size

    286KB

  • Sample

    200723-a3xa7cy1q6

  • MD5

    4549708f2a9c381890a5558b2036bc49

  • SHA1

    62309679b02f05d42bc05cf6c1f522e4837f4f04

  • SHA256

    ae618e94c64b10307de3193efe693ba4cf0ea371a662038f705ba00779ad4f40

  • SHA512

    11e0453fef0e061b93f6f7f9f2e956dbef5ff09781da602387e31fcab52b477b2827b07f528551fefbc7dd65b6ca8294f24c7751a5bdf58f341aa05ad78aef8c

Score
10/10
gozi_ifsbursnifbankerspywaretrojan

Malware Config

Targets

    • Target

      wellwishervcf

    • Size

      286KB

    • MD5

      4549708f2a9c381890a5558b2036bc49

    • SHA1

      62309679b02f05d42bc05cf6c1f522e4837f4f04

    • SHA256

      ae618e94c64b10307de3193efe693ba4cf0ea371a662038f705ba00779ad4f40

    • SHA512

      11e0453fef0e061b93f6f7f9f2e956dbef5ff09781da602387e31fcab52b477b2827b07f528551fefbc7dd65b6ca8294f24c7751a5bdf58f341aa05ad78aef8c

    Score
    10/10
    bankertrojangozi_ifsbursnifspyware

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks