Overview

overview

10

Static

static

53f7d917ad...57.exe

windows7-x64

10

53f7d917ad...57.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457

  • Size

    1.1MB

  • Sample

    221027-drrgnsadc8

  • MD5

    879d9a2c75ee83443a0a913f5dc71b5c

  • SHA1

    41c124f8b5341773046ac9c6b5924b7919e0ac15

  • SHA256

    53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457

  • SHA512

    1f84756f6f30b6bff2cf3d5796549c96672e6fe4b6ebaa55f3b2d2f8e5ea034dd8086d5985f640f2c37b58eac0af089ab48ae5a730403e86b0939923b2f3c69a

  • SSDEEP

    24576:GmZ5G43EgTDD55vd9lTTwTJvLqWZlzSq05sRlKi9AwvjUkSSX:jZ5rEgPfd9lTmvLq2lY0l+0X

Score
10/10
gozi_ifsbbankercollectionpersistencetrojan

Malware Config

Targets

    • Target

      53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457

    • Size

      1.1MB

    • MD5

      879d9a2c75ee83443a0a913f5dc71b5c

    • SHA1

      41c124f8b5341773046ac9c6b5924b7919e0ac15

    • SHA256

      53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457

    • SHA512

      1f84756f6f30b6bff2cf3d5796549c96672e6fe4b6ebaa55f3b2d2f8e5ea034dd8086d5985f640f2c37b58eac0af089ab48ae5a730403e86b0939923b2f3c69a

    • SSDEEP

      24576:GmZ5G43EgTDD55vd9lTTwTJvLqWZlzSq05sRlKi9AwvjUkSSX:jZ5rEgPfd9lTmvLq2lY0l+0X

    Score
    10/10
    gozi_ifsbbankercollectiontrojanpersistence

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks