Description
Gozi ISFB is a well-known and widely distributed banking trojan.
Filename: 87726003343d1e14d3095bcdd372f4a3.exe
Size: 729KB
Analysis ID: 211109-qx9lnacdek
MD5: 87726003343d1e14d3095bcdd372f4a3
SHA1: da2823d54ca0d6509d9f952d324e07d267ee1ed0
SHA256: 038152eae96d57cb15d542b84755d9feadee7d2012fc183a1937c448c211671e
SHA512: 9eada47d8b570bf15d5a3bcdb7e5946d5c1143856af64cb0fe417036fac9d1a30c15dc4df7a725bfa3fa9241bcaa4161b7bb12653bb94d8d50d7b5700f6c8c67
Family | socelars |
C2 | http://www.hhgenice.top/ |

Family | xloader |
Version | 2.5 |
Campaign | s0iw |
C2 | http://www.kyiejenner.com/s0iw/ |
Decoy | ortopediamodelo.com orimshirts.store universecatholicweekly.info yvettechan.com sersaudavelsempre.online face-booking.net europeanretailgroup.com umofan.com roemahbajumuslim.online joyrosecuisine.net 3dmaker.house megdb.xyz stereoshopie.info gv5rm.com tdc-trust.com mcglobal.club choral.works onlineconsultantgroup.com friscopaintandbody.com midwestii.com weespiel.com babyshell.be gwynora.com talkthered.com f-punk.com frankmatlock.com clique-solicite.net clientloyaltysystem.com worldbyduco.com kampfsport-erfurt.com adndpanel.xyz rocknfamily.net ambr-creative.com wwwks8829.com thuexegiarehcmgoviet.com brentmurrell.art wolf-yachts.com tenpobiz.com binnamall.com crestamarti.quest terry-hitchcock.com ocreverseteam.com taxwarehouse2.xyz megawholesalesystem.com epstein-advisory.com enewlaunches.com iphone13.community pianostands.com newspaper.clinic alamdave.com |

Family | vidar |
Version | 48.1 |
Botnet | 937 |
Attributes | profile_id 937 |

Family | redline |
Botnet | 20kinstallov |
C2 | 95.217.123.66:57358 |

Family | redline |
Botnet | leyla01 |
C2 | 135.181.129.119:4805 |
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Socelars is an infostealer targeting browser cookies and credit card credentials.
Vidar is an infostealer based on Arkei stealer.
Xloader is a rebranded version of Formbook malware.
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Detects executables packed with VMProtect commercial packer.
Looks up country code configured in the registry, likely geofence.
Infostealers often target stored browser data, which can include saved credentials etc.
Detects Themida, an advanced Windows software protection system.
Uses a legitimate IP lookup service to find the infected system's external IP.
Uses a legitimate geolocation service to find the infected system's geolocation info.