General
-
Target
cb2e63e4e391785a2abfad65c73253a2d3565497a2d63b6b6212e598e71fe206
-
Size
796KB
-
Sample
221002-pfppgseeg9
-
MD5
64e7f48820019432231ec5df21b77590
-
SHA1
ed896286dbb394c5852108d41ad724d0a7a15dd3
-
SHA256
cb2e63e4e391785a2abfad65c73253a2d3565497a2d63b6b6212e598e71fe206
-
SHA512
865b34b3c8e42cbd4f65d432ae097fa4ad02b986eb2516283a4699ae9b96a33a5e7eda6ed7342795b0c7756246bfed2e617e0f13518f50f4aaf63893b9b1effb
-
SSDEEP
12288:j3wSIi2wCHSvaecxFHe3SPheHmWtunTYLbfxWK/vxmWDC+1BEOmqT1D589zGiIXT:TXIjDyvVFipeHmHTIxWIzC5q5y9z7Io
Malware Config
Targets
-
-
Target
cb2e63e4e391785a2abfad65c73253a2d3565497a2d63b6b6212e598e71fe206
-
Size
796KB
-
MD5
64e7f48820019432231ec5df21b77590
-
SHA1
ed896286dbb394c5852108d41ad724d0a7a15dd3
-
SHA256
cb2e63e4e391785a2abfad65c73253a2d3565497a2d63b6b6212e598e71fe206
-
SHA512
865b34b3c8e42cbd4f65d432ae097fa4ad02b986eb2516283a4699ae9b96a33a5e7eda6ed7342795b0c7756246bfed2e617e0f13518f50f4aaf63893b9b1effb
-
SSDEEP
12288:j3wSIi2wCHSvaecxFHe3SPheHmWtunTYLbfxWK/vxmWDC+1BEOmqT1D589zGiIXT:TXIjDyvVFipeHmHTIxWIzC5q5y9z7Io
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-