Overview

overview

10

Static

static

627eb63f8a...88.dll

windows7_x64

10

627eb63f8a...88.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188

  • Size

    133KB

  • Sample

    211130-qk92nafadp

  • MD5

    099933e55bc8d3f2b674b737f8a533c9

  • SHA1

    a7841a275c957e007ed20b088455c577bbe88c40

  • SHA256

    627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188

  • SHA512

    7b04ed8fc6892deb6c571d54c306e94ed5082644555ff74e3a3d8cd83459d49366075c3c770e7ce720176c09162d01a67ebe6e565ffb4619ac4ea5627a800fe6

Score
10/10
gozi_ifsb8899bankersuricatatrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

bvolebukoneh.site

karfaganda.com
Attributes
  • build

    260216

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188

    • Size

      133KB

    • MD5

      099933e55bc8d3f2b674b737f8a533c9

    • SHA1

      a7841a275c957e007ed20b088455c577bbe88c40

    • SHA256

      627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188

    • SHA512

      7b04ed8fc6892deb6c571d54c306e94ed5082644555ff74e3a3d8cd83459d49366075c3c770e7ce720176c09162d01a67ebe6e565ffb4619ac4ea5627a800fe6

    Score
    10/10
    gozi_ifsb8899bankertrojansuricata

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks