General

  • Target

    61641459e0366.tiff

  • Size

    701KB

  • Sample

    211011-mqqy7aghfk

  • MD5

    394afc3467913bb431bd51dcf73a6ecc

  • SHA1

    903a81405b9f4dd02c49b72e6ef409b51ee42710

  • SHA256

    301c87f66843ea0e9e8b455a212870b82b64559bfc1594f86217af077dfd0ecc

  • SHA512

    4399be58333147bcbd4c1aae2e473a69dce243c1d6e849bb2c7b6b7ecb37dc6c4d501bf862bb4580462808cd1fbbb9d40c67c3c1f912e961a2c2d5698f0beead

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    8899

  • C2

    msn.com/mail

    breuranel.website

    outlook.com/signup

    areuranel.website

Attributes

  • build

    260212

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks