gozi_ifsb | 3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832 | Triage

Submit
Reports

Overview

overview

Static

static

8

3af18232a9...32.exe

windows7_x64

3af18232a9...32.exe

windows10-2004_x64

Sharing

General

Target

3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
Size

345KB
Sample

220703-wyq4labgcn
MD5

4da11c829f8fea1b690f317837af8387
SHA1

00c6ce1031f88b5276a5335e68fba663e769dadd
SHA256

3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
SHA512

dfa1e0fe39a8262d987516556d78e395ea7f01cbbfa471296e9f3352c4ae8b80a3305c21352a8ea67e25bd2047edcb30dfe0c319671f9daab86e79f8a781b2d5

Score

10^/10

gozi_ifsb banker trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832.exe

Resource

win7-20220414-en

gozi_ifsb banker trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832.exe

Resource

win10v2004-20220414-en

gozi_ifsb banker trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
- Size
  
  345KB
- MD5
  
  4da11c829f8fea1b690f317837af8387
- SHA1
  
  00c6ce1031f88b5276a5335e68fba663e769dadd
- SHA256
  
  3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
- SHA512
  
  dfa1e0fe39a8262d987516556d78e395ea7f01cbbfa471296e9f3352c4ae8b80a3305c21352a8ea67e25bd2047edcb30dfe0c319671f9daab86e79f8a781b2d5
Score

10^/10

gozi_ifsb banker trojan upx
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojanupx

behavioral2

gozi_ifsbbankertrojanupx

© 2018-2024

Terms | Privacy