General
-
Target
u271020tar
-
Size
352KB
-
Sample
201027-32x25bvrzs
-
MD5
d800d8db5cb2ecc22899dcf7e1c2430d
-
SHA1
24a64c88075907a3f01bfdc68ef3044c13f25296
-
SHA256
84c7bba059b9d495d9e923346510a67a062b20d17c90d806fbf8cb6b67d91363
-
SHA512
39bfb1567d32b177b27627fc76fc5410ebd6009ed972f7b044eae034746311d603ba67b7e1e51d374b34b788a5ccccf7849f2b7169c6184ba180d609cc646aa8
Malware Config
Targets
-
-
Target
u271020tar
-
Size
352KB
-
MD5
d800d8db5cb2ecc22899dcf7e1c2430d
-
SHA1
24a64c88075907a3f01bfdc68ef3044c13f25296
-
SHA256
84c7bba059b9d495d9e923346510a67a062b20d17c90d806fbf8cb6b67d91363
-
SHA512
39bfb1567d32b177b27627fc76fc5410ebd6009ed972f7b044eae034746311d603ba67b7e1e51d374b34b788a5ccccf7849f2b7169c6184ba180d609cc646aa8
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Ursnif, Dreambot
Ursnif is a variant of the Gozi IFSB with more capabilities.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-