gozi_ifsb | 8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d | Triage

Submit
Reports

Overview

overview

Static

static

8e7e061cfb...2d.exe

windows7_x64

8e7e061cfb...2d.exe

windows10_x64

Sharing

General

Target

8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d
Size

40KB
Sample

201223-2yv4yasxj2
MD5

0286232c6300bea38235739d04845f57
SHA1

b6e6d215790c97f2a401391366750d2ff9ededa9
SHA256

8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d
SHA512

0c8869392f7d85f50e630706c9e3c32fa68d1ba012ede1aa38cd1ebe467f65ffd2c49dbbb6231f973fef24640a36624c99147ac70d5310f29bb1ca72e496a63f

Score

10^/10

gozi_ifsb ursnif banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d.exe

Resource

win7v20201028

gozi_ifsb ursnif banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d.exe

Resource

win10v20201028

gozi_ifsb ursnif banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d
- Size
  
  40KB
- MD5
  
  0286232c6300bea38235739d04845f57
- SHA1
  
  b6e6d215790c97f2a401391366750d2ff9ededa9
- SHA256
  
  8e7e061cfbeca37aaa1faf43b7e248fbc53024e5abacd532873fdb7919569c2d
- SHA512
  
  0c8869392f7d85f50e630706c9e3c32fa68d1ba012ede1aa38cd1ebe467f65ffd2c49dbbb6231f973fef24640a36624c99147ac70d5310f29bb1ca72e496a63f
Score

10^/10

gozi_ifsb ursnif banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbursnifbankertrojan

behavioral2

gozi_ifsbursnifbankertrojan

© 2018-2024

Terms | Privacy