Overview

overview

10

Static

static

pan0ramic0.jpg.dll

windows7_x64

1

pan0ramic0.jpg.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pan0ramic0.jpg.dll

  • Size

    239KB

  • Sample

    210122-n53pypw49j

  • MD5

    25507f89abd96f37d80e0596cd834e26

  • SHA1

    101b89112be002d90e39b62496e79146ab8fc87a

  • SHA256

    ca3408df31dc066d6ec4feea0388ca8d0cf5d35393bd5a6f1979b9af590f7615

  • SHA512

    7daada31a57687749a004d4de9794299d05b4c7ca6ce2d7647cf598638281f72b45eea1e95b1c4f32ca52f3404559a53fc2e92b37c1165dc9a725f869004c5fd

Score
10/10
gozi_ifsbbankerransomwaretrojan

Malware Config

Targets

    • Target

      pan0ramic0.jpg.dll

    • Size

      239KB

    • MD5

      25507f89abd96f37d80e0596cd834e26

    • SHA1

      101b89112be002d90e39b62496e79146ab8fc87a

    • SHA256

      ca3408df31dc066d6ec4feea0388ca8d0cf5d35393bd5a6f1979b9af590f7615

    • SHA512

      7daada31a57687749a004d4de9794299d05b4c7ca6ce2d7647cf598638281f72b45eea1e95b1c4f32ca52f3404559a53fc2e92b37c1165dc9a725f869004c5fd

    Score
    10/10
    gozi_ifsbbankerransomwaretrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks