Overview

overview

10

Static

static

SecuriteIn...13.exe

windows7_x64

10

SecuriteIn...13.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.W32.AIDetect.malware1.29648.1313

  • Size

    283KB

  • Sample

    210226-an45d269qa

  • MD5

    7270108facd5a2a3f767ef0605cf2572

  • SHA1

    cba5906ccfe6346aea95dd6423c4a6c4f1231771

  • SHA256

    33b931c8f19d3ef8b354cc7ca24ebfbb2cdf2b83e5717b1dd7c81cef80238591

  • SHA512

    6652d34b3fcb93f9632222a90bbc6f4605c045a38081ed2414ad1efae3e5513b94b6b24357ec593cde1c7e75fa7e8dfc8f917bb8ce459d8a6a8a602785fc630b

Score
10/10
gozi_ifsb6565bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6565

C2

updates.microsoft.com

klounisoronws.xyz

darwikalldkkalsld.xyz

c1.microsoft.com

ctldl.windowsupdate.com

195.123.209.122

185.82.218.23

5.34.183.180

bloombergdalas.xyz

groovermanikos.xyz

kadskasdjlkewrjk.xyz
Attributes
  • build

    250177

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      SecuriteInfo.com.W32.AIDetect.malware1.29648.1313

    • Size

      283KB

    • MD5

      7270108facd5a2a3f767ef0605cf2572

    • SHA1

      cba5906ccfe6346aea95dd6423c4a6c4f1231771

    • SHA256

      33b931c8f19d3ef8b354cc7ca24ebfbb2cdf2b83e5717b1dd7c81cef80238591

    • SHA512

      6652d34b3fcb93f9632222a90bbc6f4605c045a38081ed2414ad1efae3e5513b94b6b24357ec593cde1c7e75fa7e8dfc8f917bb8ce459d8a6a8a602785fc630b

    Score
    10/10
    gozi_ifsb6565bankertrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Remote System Discovery

2
T1018

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks