gozi_ifsb | e5cb6bf749b22e4232541bdd75087559bcba643bed551040ec74a561d8de259d | Triage

Submit
Reports

Overview

overview

Static

static

prescriver...20.doc

windows7_x64

prescriver...20.doc

windows10_x64

Sharing

General

Target

prescrivere 12.20.doc
Size

145KB
Sample

201203-dzck9tj5ls
MD5

b53e10e01be1eff9f160d798c7292058
SHA1

3f553e215de6b65fad42346d5891482a17d53555
SHA256

e5cb6bf749b22e4232541bdd75087559bcba643bed551040ec74a561d8de259d
SHA512

e5a454a96e047a84df1778bb38cf271f32484d84a3bcd8125d4ad687c9650abb4237b1f572b1a878e101efadfffe47dbffb6924e795d3a387336a30fb717575d

Score

10^/10

gozi_ifsb banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

prescrivere 12.20.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

prescrivere 12.20.doc

Resource

win10v20201028

gozi_ifsb banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  prescrivere 12.20.doc
- Size
  
  145KB
- MD5
  
  b53e10e01be1eff9f160d798c7292058
- SHA1
  
  3f553e215de6b65fad42346d5891482a17d53555
- SHA256
  
  e5cb6bf749b22e4232541bdd75087559bcba643bed551040ec74a561d8de259d
- SHA512
  
  e5a454a96e047a84df1778bb38cf271f32484d84a3bcd8125d4ad687c9650abb4237b1f572b1a878e101efadfffe47dbffb6924e795d3a387336a30fb717575d
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gozi_ifsbbankertrojan

© 2018-2024

Terms | Privacy