General
-
Target
b5b222a05156ea8b3c47a1a5da567d191cc8e7a546f2b0edab08a5956ad73ade.bin.sample
-
Size
838KB
-
Sample
211022-k4glkaccdl
-
MD5
5cd80a6332974451ccdaa37c11993cc9
-
SHA1
d5577ac65719ece5d37277a3d2451ab2855979ee
-
SHA256
b5b222a05156ea8b3c47a1a5da567d191cc8e7a546f2b0edab08a5956ad73ade
-
SHA512
1f29b0bbbd86b4783e0f05e69f037df7719d2ecae76839a902d74579b09f2b4ca0a1ba7e7305a42642a7a99f416a29a6617d96e72c2ee99a2f8eaff36556e886
Malware Config
Extracted
gozi_ifsb
-
build
216881
Targets
-
-
Target
b5b222a05156ea8b3c47a1a5da567d191cc8e7a546f2b0edab08a5956ad73ade.bin.sample
-
Size
838KB
-
MD5
5cd80a6332974451ccdaa37c11993cc9
-
SHA1
d5577ac65719ece5d37277a3d2451ab2855979ee
-
SHA256
b5b222a05156ea8b3c47a1a5da567d191cc8e7a546f2b0edab08a5956ad73ade
-
SHA512
1f29b0bbbd86b4783e0f05e69f037df7719d2ecae76839a902d74579b09f2b4ca0a1ba7e7305a42642a7a99f416a29a6617d96e72c2ee99a2f8eaff36556e886
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
suricata: ET MALWARE Ursnif Variant CnC Beacon
suricata: ET MALWARE Ursnif Variant CnC Beacon
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-