Overview

overview

10

Static

static

pan0ramic0.jpg.dll

windows7_x64

1

pan0ramic0.jpg.dll

windows10_x64

10

Resubmissions

04-02-2021 16:58

210204-qx2mdjj6ce 1

22-01-2021 09:16

210122-vtr8qktyhx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pan0ramic0.jpg.dll

  • Size

    220KB

  • Sample

    210122-vtr8qktyhx

  • MD5

    86b877eeaf0482b5e1439ed80a82fffb

  • SHA1

    26c46504c293311f0403bf699f2ddc6cacb63c5b

  • SHA256

    8baffba2ed672607e1535dcbfcc47a264e7b8941f63cf181814d7365e8627d05

  • SHA512

    668d14788dea6baa58997ee0ddc364c93d268091cc0f2b7e30a1d0b29c6389438c11d53b35d5ab40abe58efebbc92f5acdae92e0cba852cfbd970cecf0e53dd5

Score
10/10
gozi_ifsbbankerransomwaretrojan

Malware Config

Targets

    • Target

      pan0ramic0.jpg.dll

    • Size

      220KB

    • MD5

      86b877eeaf0482b5e1439ed80a82fffb

    • SHA1

      26c46504c293311f0403bf699f2ddc6cacb63c5b

    • SHA256

      8baffba2ed672607e1535dcbfcc47a264e7b8941f63cf181814d7365e8627d05

    • SHA512

      668d14788dea6baa58997ee0ddc364c93d268091cc0f2b7e30a1d0b29c6389438c11d53b35d5ab40abe58efebbc92f5acdae92e0cba852cfbd970cecf0e53dd5

    Score
    10/10
    gozi_ifsbbankerransomwaretrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks