gozi_ifsb | 0819171ecacc60ce94d946b5f2d4939f4b27c2d9275feb439a40ef6e927473c2 | Triage

Submit
Reports

Overview

overview

Static

static

370f3fa547...56.dll

windows7_x64

370f3fa547...56.dll

windows10_x64

Sharing

General

Target

370f3fa54702d92f0e7d02c95a851756
Size

148KB
Sample

201117-pspr8jk57x
MD5

ef91330c62c1e86bc2943bfac963612a
SHA1

b108ee0247256e1be209a5c37bfda4e3c9cbf625
SHA256

0819171ecacc60ce94d946b5f2d4939f4b27c2d9275feb439a40ef6e927473c2
SHA512

98d20493f321203f6ef4f7ac75ddb789da401bacf0ba735e93f49ffc08561a488d4afa0ea89f2f9f4fbd5d941f16350ffda3bec4c8b90ea5a2ca4b174ac9d7dd

Score

10^/10

gozi_ifsb banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

370f3fa54702d92f0e7d02c95a851756.dll

Resource

win7v20201028

gozi_ifsb banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

370f3fa54702d92f0e7d02c95a851756.dll

Resource

win10v20201028

gozi_ifsb banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  370f3fa54702d92f0e7d02c95a851756
- Size
  
  148KB
- MD5
  
  ef91330c62c1e86bc2943bfac963612a
- SHA1
  
  b108ee0247256e1be209a5c37bfda4e3c9cbf625
- SHA256
  
  0819171ecacc60ce94d946b5f2d4939f4b27c2d9275feb439a40ef6e927473c2
- SHA512
  
  98d20493f321203f6ef4f7ac75ddb789da401bacf0ba735e93f49ffc08561a488d4afa0ea89f2f9f4fbd5d941f16350ffda3bec4c8b90ea5a2ca4b174ac9d7dd
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- JavaScript code in executable
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan

© 2018-2024

Terms | Privacy