General
-
Target
6.tar
-
Size
544KB
-
Sample
210823-93dss7672j
-
MD5
ed60097b0bca7f9c4649ba5d5a088fc9
-
SHA1
19b5c95728b212a75adf3e4d2932f411f6c68f9d
-
SHA256
a5540f6dd0f7761dd3f7e52f5e1d25332b99d95cccf63401d202406160948750
-
SHA512
0b505fd6aeea6d2ccab97a5989357985b8bc5081dd2fd7801fb8b7cfd201d4479ad256bf35acf04ad41e9b972a7a6ebd41ba593b083cfdae29f78ebd29d19340
Malware Config
Extracted
gozi_ifsb
8877
outlook.com
xaaorunokee.site
taaorunokee.site
-
build
250212
-
dga_season
10
-
exe_type
loader
-
server_id
12
Targets
-
-
Target
6.tar
-
Size
544KB
-
MD5
ed60097b0bca7f9c4649ba5d5a088fc9
-
SHA1
19b5c95728b212a75adf3e4d2932f411f6c68f9d
-
SHA256
a5540f6dd0f7761dd3f7e52f5e1d25332b99d95cccf63401d202406160948750
-
SHA512
0b505fd6aeea6d2ccab97a5989357985b8bc5081dd2fd7801fb8b7cfd201d4479ad256bf35acf04ad41e9b972a7a6ebd41ba593b083cfdae29f78ebd29d19340
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
Blocklisted process makes network request
-