General

  • Target

    a581b527e44fdebb3f62b184e4df5a4d.exe

  • Size

    463KB

  • Sample

    210226-hwtake8y26

  • MD5

    a581b527e44fdebb3f62b184e4df5a4d

  • SHA1

    96e3f0842e5e6e01659d8b6fa8f63313fd089508

  • SHA256

    d7b185cdc7b58c419814ecbf667db1307587b1949e8f107fd80e16af446196d4

  • SHA512

    cde0e83e044f2188dc604938c6b7aa1e8f41ffef95ca0255fdd4e31a7a6d82e28834d491c6b5ac244398e0bb5c82e40a8f8ff052c380327c4443d0fd1cd6d09f

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    563129eb2a69de0d6dd4671019520d08f6eb4830

  • Attributes

    url4cnc: https://telete.in/bItalianoespanol

  • Keys

    rc4.plain

Extracted

  • Family

    gozi_ifsb

  • Botnet

    6565

  • C2

    updates.microsoft.com
    klounisoronws.xyz
    darwikalldkkalsld.xyz

  • Attributes

    build: 250177
    dga_season: 10
    exe_type: loader
    server_id: 12

  • Keys

    rsa_pubkey.base64
    serpent.plain

Targets

    • a581b527e44fdebb3f62b184e4df5a4d.exe (463KB; hashes as listed under General)

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate, T1130 (1)

  • Modify Registry, T1112 (1)

Credential Access

  • Credentials in Files, T1081 (2)

Discovery

  • Query Registry, T1012 (1)

  • System Information Discovery, T1082 (1)

Collection

  • Data from Local System, T1005 (2)

Tasks