Gozi/Ursnif Banking Trojan targets Italy

1. Gozi/Ursnif Banking Trojan targets Italy
2.  
3. Malspam:
4. Oggetto:
5. “Re: Letto: Auguri Pasqua <NOME-ORG-MITTENTE>”
6. “Programma assicurativo <NOME-ORG-DESTINATARIO>”
7.  
8. Allegato:
9. “Richiesta.doc”
10. “BIG_Richiesta.doc” (o altre variazioni di prefisso)
11.  
12. DropUrl:
13. 66.55.129[.196
14. auwhguahsdusahdsd[.com
15. hxxp:// auwhguahsdusahdsd[.com/REX/freddie.php?l=itnerd
16. hxxp:// auwhguahsdusahdsd[.com/REX/slick.php?utma=itnerc
17. hxxp:// auwhguahsdusahdsd[.com/NOC/itnera.class
18. hxxp:// auwhguahsdusahdsd[.com/NOC/itnerb.class
19. hxxp:// auwhguahsdusahdsd[.com/NOC/itnerc.class
20. hxxp:// auwhguahsdusahdsd[.com/NOC/itnerd.class
21.  
22. C2 (https):
23. 206.221.181[.251
24. bungisdiqndwijgnqwdok[.net
25. 66.55.129[.199
26. fwqfqkghsdjefgguhnasd[.net
27. omanghqhernafhvzhzxc[.com
28.  
29. Hash:
30. 100d5f69d62457f56ac013dfeb360c7a7fcb552f7aa8b9e0991420a1e0775057 doc
31. e23dbab02d02b46b380dcbb2f56cc6220d0449fde2075bfffabbe8588a25e2e9 doc
32. b618538a3e54a16b6d2b688202cb7866be5748bc57e7ac022aaa4d7cb9a61363 doc
33. 8b35505d4ad5f645f3130f89d2ebbaf39c74682cb3acee2f5a4a139cea2d5e20 hta
34. 0cbe0ac5a400dfc5bf5504805b8529ba010b2df702558693811ae4aa64202271 exe
35. c552cab5bdcbdadf35e49012792a81b757700b7d991a69a78f591277f1bf2abc exe