Overview

overview

10

Static

static

9

ba71ddcab0...23.exe

windows7_x64

10

ba71ddcab0...23.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba71ddcab00697f42ccc7fc67c7a4fccb92f6b06ad02593a972d3beb8c01f723

  • Size

    590KB

  • Sample

    220201-lcg9fscahl

  • MD5

    523549ffdcb9b321a921707646508653

  • SHA1

    94808f20001137569b88877c3c757b151070f673

  • SHA256

    ba71ddcab00697f42ccc7fc67c7a4fccb92f6b06ad02593a972d3beb8c01f723

  • SHA512

    16c1ca1e2bda58d2981f15d3a9aec6ba92463d6ff186fa6b668f5683db5feb351d931118033a3a2ab6b1d8092a6ffdbb400ab369ca420effcc293b64c6120534

Score
10/10
gozi_ifsbbankercryptonepackersuricatatrojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    217123

Targets

    • Target

      ba71ddcab00697f42ccc7fc67c7a4fccb92f6b06ad02593a972d3beb8c01f723

    • Size

      590KB

    • MD5

      523549ffdcb9b321a921707646508653

    • SHA1

      94808f20001137569b88877c3c757b151070f673

    • SHA256

      ba71ddcab00697f42ccc7fc67c7a4fccb92f6b06ad02593a972d3beb8c01f723

    • SHA512

      16c1ca1e2bda58d2981f15d3a9aec6ba92463d6ff186fa6b668f5683db5feb351d931118033a3a2ab6b1d8092a6ffdbb400ab369ca420effcc293b64c6120534

    Score
    10/10
    gozi_ifsbbankersuricatatrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks