General
-
Target
02d165251fbb673606e8c48754a9d5e4682317b5a277e71ad541d252e107aa74
-
Size
273KB
-
Sample
201110-nw3yhg9cax
-
MD5
7f1d3c53b9ec4e4a0de133e294c59503
-
SHA1
0a5cf542342a579a2da13fe81f2a33e8beb2dd53
-
SHA256
02d165251fbb673606e8c48754a9d5e4682317b5a277e71ad541d252e107aa74
-
SHA512
38693beb421aa4b18de14edc82a360e437e3269003ac94322f2cd34ce9a6c8cd4ee4d5d3fec785f36e752b7e6bd8f2a62a95988282240181d24f0f3341897486
Malware Config
Targets
-
-
Target
02d165251fbb673606e8c48754a9d5e4682317b5a277e71ad541d252e107aa74
-
Size
273KB
-
MD5
7f1d3c53b9ec4e4a0de133e294c59503
-
SHA1
0a5cf542342a579a2da13fe81f2a33e8beb2dd53
-
SHA256
02d165251fbb673606e8c48754a9d5e4682317b5a277e71ad541d252e107aa74
-
SHA512
38693beb421aa4b18de14edc82a360e437e3269003ac94322f2cd34ce9a6c8cd4ee4d5d3fec785f36e752b7e6bd8f2a62a95988282240181d24f0f3341897486
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Ursnif, Dreambot
Ursnif is a variant of the Gozi IFSB with more capabilities.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-