Overview

overview

10

Static

static

b58bd807a9...3a.exe

windows7_x64

10

b58bd807a9...3a.exe

windows10_x64

10

Analysis

  • max time kernel
    61s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    14-12-2020 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b58bd807a9d6813d5585f45d4dfb0f3a.exe

  • Size

    250KB

  • MD5

    b58bd807a9d6813d5585f45d4dfb0f3a

  • SHA1

    fba5bbc9f19d37b09a5d9837cf613a02faedc696

  • SHA256

    9f99d05717a675f039e6d2cb5f20f5c3c652f19bcc1255eda71a627f3a74ccc3

  • SHA512

    cbcc861aa261e3e1c15924253422c7e37d586ff02f875a6b6bad727ae950580caa4cf32d7c28d0aa777ef19747478ebe5b7561ec0cefb7f07c9b5c59698681fb

Score
10/10
gozi_ifsbbankerpersistencetrojan

Malware Config

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b58bd807a9d6813d5585f45d4dfb0f3a.exe
    "C:\Users\Admin\AppData\Local\Temp\b58bd807a9d6813d5585f45d4dfb0f3a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of UnmapMainImage
    PID:1824

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads