General

  • Target

    richiedere,12.20.doc

  • Size

    145KB

  • Sample

    201203-znbt2fx5ys

  • MD5

    f6b2953ee71d517801697bb19e31b101

  • SHA1

    6d7f15afba0bf1bf1f2cfb9d96a711ad714cce92

  • SHA256

    59d433bc2b7b0462f4866a79ae09c7a0ba5f61d9a1e427a174a21ace9a428d97

  • SHA512

    706896759453cf03abdcc2d64156209434e8c674379f26308b192c62b1857cd0d270cbc6e7b534de729d2d6c6e61ccc88521e37d1af67540333b7aa2865ad008

Score
10/10

Malware Config

Targets

    • Target

      richiedere,12.20.doc

    • Gozi, Gozi ISFB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
