Overview

overview

10

Static

static

u271020tar.dll

windows7_x64

10

u271020tar.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    u271020tar

  • Size

    352KB

  • Sample

    201027-32x25bvrzs

  • MD5

    d800d8db5cb2ecc22899dcf7e1c2430d

  • SHA1

    24a64c88075907a3f01bfdc68ef3044c13f25296

  • SHA256

    84c7bba059b9d495d9e923346510a67a062b20d17c90d806fbf8cb6b67d91363

  • SHA512

    39bfb1567d32b177b27627fc76fc5410ebd6009ed972f7b044eae034746311d603ba67b7e1e51d374b34b788a5ccccf7849f2b7169c6184ba180d609cc646aa8

Score
10/10
gozi_ifsbursnifbankerspywaretrojan

Malware Config

Targets

    • Target

      u271020tar

    • Size

      352KB

    • MD5

      d800d8db5cb2ecc22899dcf7e1c2430d

    • SHA1

      24a64c88075907a3f01bfdc68ef3044c13f25296

    • SHA256

      84c7bba059b9d495d9e923346510a67a062b20d17c90d806fbf8cb6b67d91363

    • SHA512

      39bfb1567d32b177b27627fc76fc5410ebd6009ed972f7b044eae034746311d603ba67b7e1e51d374b34b788a5ccccf7849f2b7169c6184ba180d609cc646aa8

    Score
    10/10
    gozi_ifsbursnifbankerspywaretrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks