General

  • Target

    bd27fe96b334c81e8b62bda3121306619ca317dad8a971daf0639cb896953006

  • Size

    217KB

  • Sample

    220205-msxvhsaeg2

  • MD5

    9eae0b7cdeee4c07443f80b8bae7e56c

  • SHA1

    9a8e284bba018192052da78f94554779d52515b2

  • SHA256

    bd27fe96b334c81e8b62bda3121306619ca317dad8a971daf0639cb896953006

  • SHA512

    eb2faea0b94adad7a05a3cfdcb75868f4f252856661220b3683ac7968c6c87d2e086ba01e95b9803c2864da87ab3e7e61e6924ea724321fd013191c053cfeeb6

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214131

Targets

    • Target

      bd27fe96b334c81e8b62bda3121306619ca317dad8a971daf0639cb896953006

    • Gozi, Gozi ISFB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Suspicious use of NtCreateProcessExOtherParentProcess
