gozi_ifsb | 550baac0b4b99acf919e29a691523acb8c1b88277b1d2f2340b2e9dc37f9110a | Triage

Submit
Reports

Overview

overview

Static

static

ph0t0.dll

windows7_x64

ph0t0.dll

windows10_x64

Sharing

General

Target

ph0t0.dll
Size

202KB
Sample

201216-h82s563ksx
MD5

5715725f0d532d84a8c39a08f36814ec
SHA1

8e5068375871b21d1aad30b56362dd5ef38bf334
SHA256

550baac0b4b99acf919e29a691523acb8c1b88277b1d2f2340b2e9dc37f9110a
SHA512

b09ca6b7dff475bcee5bd675e4fac7b9827f067b2859912854fbe6277bd022db4810ece5172f9e3be0ec8ba01126c7b1eafc66fe4f3e362cfa0634a8f57dc18c

Score

10^/10

gozi_ifsb banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

ph0t0.dll

Resource

win7v20201028

gozi_ifsb banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ph0t0.dll

Resource

win10v20201028

gozi_ifsb banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ph0t0.dll
- Size
  
  202KB
- MD5
  
  5715725f0d532d84a8c39a08f36814ec
- SHA1
  
  8e5068375871b21d1aad30b56362dd5ef38bf334
- SHA256
  
  550baac0b4b99acf919e29a691523acb8c1b88277b1d2f2340b2e9dc37f9110a
- SHA512
  
  b09ca6b7dff475bcee5bd675e4fac7b9827f067b2859912854fbe6277bd022db4810ece5172f9e3be0ec8ba01126c7b1eafc66fe4f3e362cfa0634a8f57dc18c
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan

© 2018-2024

Terms | Privacy