General

  • Target

    unbrandedbubble.exe

  • Size

    6.6MB

  • Sample

    240809-gnbhtsxdmq

  • MD5

    f7c63d1407f5a0f9fd3616ce3439fc6c

  • SHA1

    8718841c27d61068729f340dc9a3c5a8578ab860

  • SHA256

    d73f1b079da78f771a522bb0dd2511e9c4fe1143c9fff04d530e4f90b3db7c10

  • SHA512

    2d1f3086a3d6f1d4c55a57e50c2ded3d7d959794f72e49ff0dcc16bdcb71e2eb745aa58f8b10c973edd64ce218ff5be8dbcff9197ec5408cf5811b5ccb9bd31f

  • SSDEEP

    196608:rP7TJGYJd/8Aob1Eu5W7TJGYJd/8Aob1Eu5:rPJvLsgJvLs

Malware Config

Extracted

Family

gozi

Extracted

Family

purecrypter

C2

https://cdn.discordapp.com/attachments/1000747213397426258/1003112003574956072/upd_Awqcktbs.jpg

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks