Overview

overview

10

Static

static

beneficial.odt.dll

windows7_x64

10

beneficial.odt.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    beneficial.odt

  • Size

    643KB

  • Sample

    210731-s53a3se1ej

  • MD5

    9f9830791b377db452e376b1f5b7a609

  • SHA1

    4a7bb8bf507fbcd55aad260b9de7aad24a8ce83a

  • SHA256

    e1eccd1c27d390a9b08fe3314e450b97348d36fccf0cdada901edf9270a503bd

  • SHA512

    10a948089c3a6989db5c62091f76309e3c7b8ad884cd09fa5c914ae7ac5981831e618d2ee9d5d412f8ef79616d60e03f13250d074f713d21f50a3db4e74b5b7c

Score
10/10
gozi_ifsb1500bankersuricatatrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at
Attributes
  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Target

      beneficial.odt

    • Size

      643KB

    • MD5

      9f9830791b377db452e376b1f5b7a609

    • SHA1

      4a7bb8bf507fbcd55aad260b9de7aad24a8ce83a

    • SHA256

      e1eccd1c27d390a9b08fe3314e450b97348d36fccf0cdada901edf9270a503bd

    • SHA512

      10a948089c3a6989db5c62091f76309e3c7b8ad884cd09fa5c914ae7ac5981831e618d2ee9d5d412f8ef79616d60e03f13250d074f713d21f50a3db4e74b5b7c

    Score
    10/10
    gozi_ifsb1500bankertrojansuricata

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks