General
-
Target
80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
-
Size
273KB
-
Sample
201114-kdmqjxwkme
-
MD5
54cd7479c93e54ce8c9784b8b1a0392b
-
SHA1
c3e15e023c4ae835789b82befbe328ae137417ea
-
SHA256
80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
-
SHA512
cea67d7c1094b107a83c607196d9d4d16e0d7d6b7e5cdaa81d83e52422a9194203680d65b44c106c46a8e47dc6251fe292930e9fcc8b757b7d5242383286afbb
Malware Config
Targets
-
-
Target
80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
-
Size
273KB
-
MD5
54cd7479c93e54ce8c9784b8b1a0392b
-
SHA1
c3e15e023c4ae835789b82befbe328ae137417ea
-
SHA256
80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
-
SHA512
cea67d7c1094b107a83c607196d9d4d16e0d7d6b7e5cdaa81d83e52422a9194203680d65b44c106c46a8e47dc6251fe292930e9fcc8b757b7d5242383286afbb
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Ursnif, Dreambot
Ursnif is a variant of the Gozi IFSB with more capabilities.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-