Overview

overview

10

Static

static

75dd85a6d1...a3.exe

windows7_x64

10

75dd85a6d1...a3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75dd85a6d1389e53fb125ebd9d2711a3.exe

  • Size

    188KB

  • Sample

    201128-a1gtvgqyf2

  • MD5

    75dd85a6d1389e53fb125ebd9d2711a3

  • SHA1

    39d33f5c7aa2364f0f345f566946758ad3af80d4

  • SHA256

    2b120acc21bb146f94d229b7efeef732ab31dc9874fa00174f61e7673982a309

  • SHA512

    1a0ac909fa0ad554dc2972679c5f8a0bc944d435595eb9de227ff2f6fa70cffdfd05857df1cec16d11589550f80d3f004c6d471e9a291b50ff0e466e66493116

Score
10/10
gozi_ifsbbankertrojan

Malware Config

Targets

    • Target

      75dd85a6d1389e53fb125ebd9d2711a3.exe

    • Size

      188KB

    • MD5

      75dd85a6d1389e53fb125ebd9d2711a3

    • SHA1

      39d33f5c7aa2364f0f345f566946758ad3af80d4

    • SHA256

      2b120acc21bb146f94d229b7efeef732ab31dc9874fa00174f61e7673982a309

    • SHA512

      1a0ac909fa0ad554dc2972679c5f8a0bc944d435595eb9de227ff2f6fa70cffdfd05857df1cec16d11589550f80d3f004c6d471e9a291b50ff0e466e66493116

    Score
    10/10
    gozi_ifsbbankertrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks