gozi_ifsb | 00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-10-2022 23:08

Target

00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1.exe
Size

392KB
MD5

64b58ecac6319443fd82a68bbc6593c0
SHA1

2132465f14b8910d650fc432e07d505a277ba33d
SHA256

00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1
SHA512

b0692d77fedb5789a5602420e85a2e4bb6c4cda4ea5d0e4ecfe2b1dd2844a28dff5c6a0537187f9269bbeefceb199a3bfa4867f41ca55107362c450ecb9d0e2b
SSDEEP

6144:VoBJ469J803mzXLavaHWydKiztOdIRzduOqPxPmMoemVdDq:VoBC6uiWZ5zt8IvuxeM5mVh

Score

10^/10

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Suspicious use of UnmapMainImage 1 IoCs

Processes:

00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1.exe

pid	Process
1636	00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1.exe

C:\Users\Admin\AppData\Local\Temp\00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1.exe
"C:\Users\Admin\AppData\Local\Temp\00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1.exe"
1⤵
- Suspicious use of UnmapMainImage
PID:1636

memory/1636-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/1636-55-0x0000000000230000-0x0000000000269000-memory.dmp

Filesize
228KB

Download
memory/1636-56-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/1636-57-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download