General

  • Target

    machine.dll

  • Size

    46KB

  • Sample

    201002-l8t1qmee92

  • MD5

    f66ff9ac0e1dc028de92aaa3255daf81

  • SHA1

    5455fadda6480468034eb65a0e58afff69a63aba

  • SHA256

    88c3ec0d56ce1c6ea8763ced6993e704e73b3fd105f40a142bc310fcd6efc77d

  • SHA512

    2d1fdae8b67aa8f3180a8ed347315053b09b20fa2bf90738af39b32a47fb2d5dc84c61d187e61566e826a6d05f9a80346f6a02c581b04c6d808dc7bb65bf8294

Malware Config

Targets

    • Target

      machine.dll

    • Gozi, Gozi ISFB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Ursnif, Dreambot

      Ursnif is a variant of Gozi ISFB with more capabilities.

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks