Overview

overview

10

Static

static

2.bat

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pres.zip

  • Size

    844KB

  • Sample

    210908-wqdtasabar

  • MD5

    31ebf08fa99f055edd610e0fb3dcac1d

  • SHA1

    e46b3e56fc74e895f68725c8420390861e804a71

  • SHA256

    0502565190537573b065627711a01aa7f02a9e59b6c574c4888a91eafc483a04

  • SHA512

    f46335e44a7af7f592b71d230993c48cc17eff4f17e1c94210e4270dffe5f3d4c3dc37e5bcb76a428ed50a5c3986b65a23b3fa5289ee4370bbaaa6e278a70d28

Score
10/10
gozi_ifsb1500bankersuricatatrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

atl.bigbigpoppa.com

pop.urlovedstuff.com
Attributes
  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2.bat

    • Size

      5B

    • MD5

      53f31a089339194f333d2e3995dbb05e

    • SHA1

      d929c82d2ee727ccbea9c50c669a71075249899f

    • SHA256

      86b0c5a1e2b73b08fd54c727f4458649ed9fe3ad1b6e8ac9460c070113509a1e

    • SHA512

      d6f0e8c65e1fe60e81be2aee69b09b9a5df7519dff082cc4e51a705fb044a34db7198b40d480df0a048e32a7d2cf0c4090d64af123a5d852c21c8a35de4ff3fc

    Score
    10/10
    gozi_ifsb1500bankersuricatatrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks