General

  • Target

    codec.dll

  • Size

    345KB

  • Sample

    210923-tcxyxaefdn

  • MD5

    e7ac180e8217a97505fee5b06709d331

  • SHA1

    85b078b46c648ec00de6e1952e4d165edbbc878e

  • SHA256

    d5fe3f6846ca1f5e09e94d66a816c3fc00634013ca7bf9e35361bd185a27c395

  • SHA512

    cbdab6a7e967cccb6b5cd2e611b479b367ee3b160936ec697a6c929f8ad47f767a7c427afea04e192421f1c064b00773cd53344981755bd56a6448280ac09fe5

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

apt.updateffboruse.com

app.updatebrouser.com

Attributes

  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Target

      codec.dll


    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

    • Blocklisted process makes network request
