General
-
Target
522b12f425adf3c974452ec25cc35090594cf94ae0f36ef4945c420b322a53a2
-
Size
365KB
-
Sample
201114-c8kmbmdxln
-
MD5
1ec1a06e9206527fa74c5560f1fa71b7
-
SHA1
808955643df13e421c270e377c819cde4dd2c845
-
SHA256
522b12f425adf3c974452ec25cc35090594cf94ae0f36ef4945c420b322a53a2
-
SHA512
f6d860a6b21db89615e90caadcc33734a0c6c1a0953fec6d9c0e9330dfb12d8455536ba7c398e86ed33d5e18490cc58ddae3b0c09733bbd1f58394cb5562c604
Malware Config
Targets
-
-
Target
522b12f425adf3c974452ec25cc35090594cf94ae0f36ef4945c420b322a53a2
-
Size
365KB
-
MD5
1ec1a06e9206527fa74c5560f1fa71b7
-
SHA1
808955643df13e421c270e377c819cde4dd2c845
-
SHA256
522b12f425adf3c974452ec25cc35090594cf94ae0f36ef4945c420b322a53a2
-
SHA512
f6d860a6b21db89615e90caadcc33734a0c6c1a0953fec6d9c0e9330dfb12d8455536ba7c398e86ed33d5e18490cc58ddae3b0c09733bbd1f58394cb5562c604
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Ursnif, Dreambot
Ursnif is a variant of the Gozi IFSB with more capabilities.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-