General

  • Target

    615c1688eba62_pdf.dll

  • Size

    1.2MB

  • Sample

    211005-k56xvahef3

  • MD5

    48faf019fec69d9d4c5c1fd087bf42bb

  • SHA1

    fad47bf3d28874b86ef9fc3ca3f73e19b445e6a1

  • SHA256

    f68b7fa37be0ae601a95fb0369757160464b595af8b1f49b4f46eb3bb7a37e45

  • SHA512

    3de577b39ea770969db66244b130812537e00e693361f3e54d9556fefb07b1922d4f31874a86adc431951922b298aca3465d26a4a16be501f6ed573417812345

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/login

vloderuniok.website

gloderuniok.website

Attributes

  • build

    260212

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks