General

  • Target

    Information_12761.xlsb

  • Size

    98KB

  • Sample

    210210-bw6l62jgme

  • MD5

    2ec72f5e2212c6b28398c63262dea005

  • SHA1

    7c457be5bd44fcb6ede6a53ca33071a55555ed2c

  • SHA256

    52b330f16d858c74fef8c1b1917d8db589fc58965d076ec8ed31d9592f534b88

  • SHA512

    d641491b34c741cb1492a5a11e03e3a2a30460a44fdaebd8312fbd6d2036b0a1ef7e4f0e2d604b31e452f6f3433d84ced34c51fd1c844e720b8ca2a8d265425a

Malware Config

Extracted (stage 1)

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://135.181.84.1/campo/p/p

Extracted (stage 2)

  • Family

    gozi_ifsb

  • Botnet

    2200

  • C2

    api10.laptok.at/api1

    golang.feel500.at/api1

    go.in100k.at/api1

  • Attributes

    build: 250171

    dga_base_url: constitution.org/usdeclar.txt

    dga_crc: 0x4eb7d2ca

    dga_season: 10

    dga_tlds: com, ru, org

    exe_type: loader

    rsa_pubkey.base64

    serpent.plain

Targets

    • Target

      Information_12761.xlsb


    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2