Overview

overview

10

Static

static

5343f42db6...f4.dll

windows7_x64

10

5343f42db6...f4.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5343f42db6381300f2c970f86feaa7f4

  • Size

    226KB

  • Sample

    220630-hzcqpsggcj

  • MD5

    e84631873c87ac0af8a0a0802afaafb3

  • SHA1

    d6a37d21ea7bf956a086c03ccbeeb84ffeb758a3

  • SHA256

    64d2a023b1208a01375af17e3b02ff7eebae76d3a35ece915c52e5d7a021edc9

  • SHA512

    3a7da6eab40d580946d7eb01d1bab1920d5eb04044d52fb48300ea9dfd9e057c367f4605065841bdac82b288696a7142b66a6059281118f42a5244be14c94793

Score
10/10
gozi_ifsb3000bankersuricatatrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

194.76.225.112

194.76.225.113

46.21.153.203
Attributes
  • base_path

    /drew/

  • build

    250239

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      5343f42db6381300f2c970f86feaa7f4

    • Size

      226KB

    • MD5

      e84631873c87ac0af8a0a0802afaafb3

    • SHA1

      d6a37d21ea7bf956a086c03ccbeeb84ffeb758a3

    • SHA256

      64d2a023b1208a01375af17e3b02ff7eebae76d3a35ece915c52e5d7a021edc9

    • SHA512

      3a7da6eab40d580946d7eb01d1bab1920d5eb04044d52fb48300ea9dfd9e057c367f4605065841bdac82b288696a7142b66a6059281118f42a5244be14c94793

    Score
    10/10
    gozi_ifsb3000bankertrojansuricata

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks