General

  • Target

    ismvxl.woc

  • Size

    419KB

  • Sample

    210419-cg9xqp5hz2

  • MD5

    5a52b1494c7929a2ef4d2e6d485358e8

  • SHA1

    a78dbd06aef4815e272f476695989706a5432e8d

  • SHA256

    e4fdba0b24b4184ddafe6add29b6d3415e26422e3752a81d049cb888791aabf3

  • SHA512

    d9d76e7ef16394af4576f187cab4fc5e6653c62c4bb092a76a4c0cc4d9209f31b13eeed3533d5e13c969bc7cc7fcd436867cca345fd3677f953f488a91b0eb25

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Gozi RM3

      A heavily modified version of Gozi using the RM3 loader.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion (1)

    Modify Registry (T1112)
