gozi_ifsb | 9f99d05717a675f039e6d2cb5f20f5c3c652f19bcc1255eda71a627f3a74ccc3 | Triage

Sharing

General

Target

b58bd807a9d6813d5585f45d4dfb0f3a
Size

250KB
Sample

201214-ckabwjwn9x
MD5

b58bd807a9d6813d5585f45d4dfb0f3a
SHA1

fba5bbc9f19d37b09a5d9837cf613a02faedc696
SHA256

9f99d05717a675f039e6d2cb5f20f5c3c652f19bcc1255eda71a627f3a74ccc3
SHA512

cbcc861aa261e3e1c15924253422c7e37d586ff02f875a6b6bad727ae950580caa4cf32d7c28d0aa777ef19747478ebe5b7561ec0cefb7f07c9b5c59698681fb

Score

10^/10

gozi_ifsb banker persistence trojan

Malware Config

Targets

- Target
  
  b58bd807a9d6813d5585f45d4dfb0f3a
- Size
  
  250KB
- MD5
  
  b58bd807a9d6813d5585f45d4dfb0f3a
- SHA1
  
  fba5bbc9f19d37b09a5d9837cf613a02faedc696
- SHA256
  
  9f99d05717a675f039e6d2cb5f20f5c3c652f19bcc1255eda71a627f3a74ccc3
- SHA512
  
  cbcc861aa261e3e1c15924253422c7e37d586ff02f875a6b6bad727ae950580caa4cf32d7c28d0aa777ef19747478ebe5b7561ec0cefb7f07c9b5c59698681fb
Score

10^/10

gozi_ifsb banker persistence trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerpersistencetrojan

behavioral2

gozi_ifsbbankerpersistencetrojan