General
-
Target
ee12174421fe88e3d229a3ceeb79d46695c837cbe6b395ff60bbfed3944fc4fa
-
Size
365KB
-
Sample
201108-ncedxh726j
-
MD5
8f8fa2a30b7831c675f46d73797cb82d
-
SHA1
8ba2af9608ed6d56a415704bda042e30c8af79c0
-
SHA256
ee12174421fe88e3d229a3ceeb79d46695c837cbe6b395ff60bbfed3944fc4fa
-
SHA512
9211d48db1035d568af288daf50fde2b56aec8e8945bbda28098cbc2175a6665895676a5c999039cce93302d26ac2b032720c71c35610c56086c01a84d1f6452
Malware Config
Targets
-
-
Target
ee12174421fe88e3d229a3ceeb79d46695c837cbe6b395ff60bbfed3944fc4fa
-
Size
365KB
-
MD5
8f8fa2a30b7831c675f46d73797cb82d
-
SHA1
8ba2af9608ed6d56a415704bda042e30c8af79c0
-
SHA256
ee12174421fe88e3d229a3ceeb79d46695c837cbe6b395ff60bbfed3944fc4fa
-
SHA512
9211d48db1035d568af288daf50fde2b56aec8e8945bbda28098cbc2175a6665895676a5c999039cce93302d26ac2b032720c71c35610c56086c01a84d1f6452
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Ursnif, Dreambot
Ursnif is a variant of the Gozi IFSB with more capabilities.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-