General

  • Target

    commercio-12.20.doc

  • Size

    92KB

  • Sample

    201203-8ml1yjzx2e

  • MD5

    b68d9dc45e89abdb4e74d32235529741

  • SHA1

    a05ffaf0e95c40d0887554b923452c5a26d39177

  • SHA256

    0449d796b30f78aee21290044bd4f7923eef1bbb362764f71d3fc547eeb8665f

  • SHA512

    dada1f325d8b6e5b02effc24b1003b41e64d091f077d845049368818ec9f9e8951584104de44f9ebd0040c1afb743a8729fcec16450fff145aac8f069724bd3c

Score
10/10

Malware Config

Targets

    • Target

      commercio-12.20.doc

    • Size

      92KB

    • MD5

      b68d9dc45e89abdb4e74d32235529741

    • SHA1

      a05ffaf0e95c40d0887554b923452c5a26d39177

    • SHA256

      0449d796b30f78aee21290044bd4f7923eef1bbb362764f71d3fc547eeb8665f

    • SHA512

      dada1f325d8b6e5b02effc24b1003b41e64d091f077d845049368818ec9f9e8951584104de44f9ebd0040c1afb743a8729fcec16450fff145aac8f069724bd3c

    Score
    10/10
    • Gozi, Gozi ISFB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                       Count  ID
  Defense Evasion  Modify Registry                 1      T1112
  Discovery        Query Registry                  2      T1012
  Discovery        System Information Discovery    2      T1082

Tasks