gozi_ifsb | b9127a38c105987631df3a245c009dc9519bb790e27e8fd6de682b89f76d7db8 | Triage

Submit
Reports

Overview

overview

Static

static

9

u03062020.bin.dll

windows7_x64

u03062020.bin.dll

windows10_x64

Sharing

General

Target

u03062020.bin
Size

576KB
Sample

201109-zqytl98xxj
MD5

436098e705e0c18a156441ac979a4a9c
SHA1

15d678fb01192792852aef1d96a2b915d75a1034
SHA256

b9127a38c105987631df3a245c009dc9519bb790e27e8fd6de682b89f76d7db8
SHA512

319321bab1b61408fd0a82cc1a16d85e39eb28d2d22e26153912a5f768b925baf0ce8b811d2c69f81804d5db1c2d421030f1c7e93fa1af5a97390654b7f759b7

Score

10^/10

gozi_ifsb ursnif banker cryptone packer trojan

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

u03062020.bin.dll

Resource

win7v20201028

gozi_ifsb banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

u03062020.bin.dll

Resource

win10v20201028

ursnif banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  u03062020.bin
- Size
  
  576KB
- MD5
  
  436098e705e0c18a156441ac979a4a9c
- SHA1
  
  15d678fb01192792852aef1d96a2b915d75a1034
- SHA256
  
  b9127a38c105987631df3a245c009dc9519bb790e27e8fd6de682b89f76d7db8
- SHA512
  
  319321bab1b61408fd0a82cc1a16d85e39eb28d2d22e26153912a5f768b925baf0ce8b811d2c69f81804d5db1c2d421030f1c7e93fa1af5a97390654b7f759b7
Score

10^/10

gozi_ifsb banker trojan ursnif
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

ursnifbankertrojan

© 2018-2024

Terms | Privacy