gozi_ifsb | 5e7f200f26fb2fc09ca80862fc6bec38f7d539aada080af6461771f9233c054f | Triage

Submit
Reports

Overview

overview

Static

static

5fd9d7ec9e7aetar.dll

windows7_x64

5fd9d7ec9e7aetar.dll

windows10_x64

Sharing

General

Target

5fd9d7ec9e7aetar.dll
Size

221KB
Sample

201216-4gz5es7acn
MD5

7d675f9a252b26cd655607ae8b36c3e9
SHA1

522894a5e30417192c053579d583ff7a690316a7
SHA256

5e7f200f26fb2fc09ca80862fc6bec38f7d539aada080af6461771f9233c054f
SHA512

d0775639c2626d5edcb0bc0e56c1a7ae3b383e39ed4c545d52e05f7af5199310515bfd1f35f6af6d900513aabd48c9efa46849670e2c90bc478f86780fa9e44b

Score

10^/10

gozi_ifsb banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

5fd9d7ec9e7aetar.dll

Resource

win7v20201028

gozi_ifsb banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5fd9d7ec9e7aetar.dll

Resource

win10v20201028

gozi_ifsb banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5fd9d7ec9e7aetar.dll
- Size
  
  221KB
- MD5
  
  7d675f9a252b26cd655607ae8b36c3e9
- SHA1
  
  522894a5e30417192c053579d583ff7a690316a7
- SHA256
  
  5e7f200f26fb2fc09ca80862fc6bec38f7d539aada080af6461771f9233c054f
- SHA512
  
  d0775639c2626d5edcb0bc0e56c1a7ae3b383e39ed4c545d52e05f7af5199310515bfd1f35f6af6d900513aabd48c9efa46849670e2c90bc478f86780fa9e44b
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan

© 2018-2024

Terms | Privacy