gozi_ifsb | 9a752f4b373e32ef86ead4516cceb238bdef9519191922abf5141261b13c38f3 | Triage

Submit
Reports

Overview

overview

Static

static

ordine.12.20.doc

windows7_x64

ordine.12.20.doc

windows10_x64

8

Sharing

General

Target

ordine.12.20.doc
Size

91KB
Sample

201203-81wnlbptjx
MD5

d877528f01cafe6d9401c89e4c4799a5
SHA1

10836e28ae5184ae004c3b60159c2e994832c90c
SHA256

9a752f4b373e32ef86ead4516cceb238bdef9519191922abf5141261b13c38f3
SHA512

c33b67bebe288ed9718f6485fb0ac3a46bdcaf0726bf37b378b1ed8920450cabc22b7cd57b3a6dc6f9daeedca6929e899f4b49969d674ed865211dd121a02bc4

Score

10^/10

gozi_ifsb banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

ordine.12.20.doc

Resource

win7v20201028

gozi_ifsb banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ordine.12.20.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ordine.12.20.doc
- Size
  
  91KB
- MD5
  
  d877528f01cafe6d9401c89e4c4799a5
- SHA1
  
  10836e28ae5184ae004c3b60159c2e994832c90c
- SHA256
  
  9a752f4b373e32ef86ead4516cceb238bdef9519191922abf5141261b13c38f3
- SHA512
  
  c33b67bebe288ed9718f6485fb0ac3a46bdcaf0726bf37b378b1ed8920450cabc22b7cd57b3a6dc6f9daeedca6929e899f4b49969d674ed865211dd121a02bc4
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

© 2018-2024

Terms | Privacy