Overview

overview

10

Static

static

1

1130e8a4dc...4d.exe

windows7-x64

10

1130e8a4dc...4d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1130e8a4dc91f3b71db894d0088a9ef20422aa7d500b0291568d59c3c013fc4d

  • Size

    427KB

  • Sample

    221026-3w4egaaahl

  • MD5

    128b4eae516413e49231d33d51128e03

  • SHA1

    a3452df7ab16b4906f74fa3be88eb10d32d977d0

  • SHA256

    1130e8a4dc91f3b71db894d0088a9ef20422aa7d500b0291568d59c3c013fc4d

  • SHA512

    e097973687612afcb5a0adbb2e4e83755696d7b8ca2f75261651b613fe80b66ad2fe5a64cb80316928707fb7ff4cfbc45bcc457d460fab96384c46212c86eca8

  • SSDEEP

    12288:XoX1leppIDspwgjsCfTuQxc9jO/pj29DcH:XoDDsp1smcdO/pyaH

Score
10/10
gozi_ifsbbankertrojan

Malware Config

Targets

    • Target

      1130e8a4dc91f3b71db894d0088a9ef20422aa7d500b0291568d59c3c013fc4d

    • Size

      427KB

    • MD5

      128b4eae516413e49231d33d51128e03

    • SHA1

      a3452df7ab16b4906f74fa3be88eb10d32d977d0

    • SHA256

      1130e8a4dc91f3b71db894d0088a9ef20422aa7d500b0291568d59c3c013fc4d

    • SHA512

      e097973687612afcb5a0adbb2e4e83755696d7b8ca2f75261651b613fe80b66ad2fe5a64cb80316928707fb7ff4cfbc45bcc457d460fab96384c46212c86eca8

    • SSDEEP

      12288:XoX1leppIDspwgjsCfTuQxc9jO/pj29DcH:XoDDsp1smcdO/pyaH

    Score
    10/10
    gozi_ifsbbankertrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks