General

  • Target

    ff5a6e3516ba8bd8346c1cafd871051bb3c15b0f4551b889e334cd38ca663af2.exe

  • Size

    138KB

  • Sample

    210121-n6ywtvlexa

  • MD5

    596fa9be9e11c9f48b4a2b4ded030999

  • SHA1

    2e7df1d820851fa84c6fbb33a5578272c22c369e

  • SHA256

    ff5a6e3516ba8bd8346c1cafd871051bb3c15b0f4551b889e334cd38ca663af2

  • SHA512

    cb7f370c8f51be3bb232b935248a034db53440426a0b03ae104261dc3691ea51d2305b3da3237ba904f66010e476895ef9a32863ec7e793ed8a597b427afd62b

Malware Config

Targets

    • Gozi, Gozi ISFB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), 1 hit

  • Discovery

    System Information Discovery (T1082), 1 hit

Tasks