gozi_ifsb | 5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4

Analysis

Target

5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
Size

658KB
MD5

5cecd52c5f7a3a95392c2065e22a65ab
SHA1

295c122ecaa4239532320f0deff4aa94ed92e207
SHA256

5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4
SHA512

a064a5bbd139b8115b37463904126aeab354facfe99c46bb1aed0f8dffabd91a03fe190772b9253f57f5061a75506018c12dfa0bcabee5e957151287bc2385a0

Score

10^/10

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4392	724	WerFault.exe	5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
4080	724	WerFault.exe	5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
1960	724	WerFault.exe	5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
4268	724	WerFault.exe	5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
2036	724	WerFault.exe	5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
4856	724	WerFault.exe	5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe

C:\Users\Admin\AppData\Local\Temp\5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
"C:\Users\Admin\AppData\Local\Temp\5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe"
1⤵
PID:724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 304
2⤵
- Program crash
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 312
2⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 320
2⤵
- Program crash
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 332
2⤵
- Program crash
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 320
2⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 372
2⤵
- Program crash
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 724 -ip 724
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 724 -ip 724
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 724 -ip 724
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 724 -ip 724
1⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 724 -ip 724
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 724 -ip 724
1⤵
PID:4784

memory/724-130-0x00000000007EC000-0x0000000000838000-memory.dmp

Filesize
304KB

Download
memory/724-131-0x0000000000760000-0x00000000007A9000-memory.dmp

Filesize
292KB

Download
memory/724-132-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/724-133-0x0000000000760000-0x00000000007A9000-memory.dmp

Filesize
292KB

Download
memory/724-134-0x0000000000B00000-0x0000000000B4A000-memory.dmp

Filesize
296KB

Download
memory/724-141-0x00000000007EC000-0x0000000000838000-memory.dmp

Filesize
304KB

Download
memory/724-142-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download