gozi_ifsb | 09029ff1f317ccfdd92bfd8ae154328748e761231aabb51872e2b1204315f285 | Triage

Resubmissions

27-10-2021 11:33

211027-npbnjseeh6 10

04-02-2021 15:53

210204-ry8nav1e26 10

22-01-2021 18:03

210122-wbsmxw8v7s 10

Sharing

General

Target

out.dll
Size

95KB
Sample

210122-wbsmxw8v7s
MD5

2ff0ff62b5cf7e7097f75a37492f02f8
SHA1

9d60d24299762f4aa7fa71838b58e4e747b95df6
SHA256

09029ff1f317ccfdd92bfd8ae154328748e761231aabb51872e2b1204315f285
SHA512

dc9a5422b9f49910db2ad66d4b4d010fb538e6c12e214c33b4b5ee3c5b96591d251b17d9ff99a7dea83b25b62e6ec521a7292471f42def6cb00b2fa139a9eea6

Score

10^/10

gozi_ifsb banker ransomware trojan

Malware Config

Targets

- Target
  
  out.dll
- Size
  
  95KB
- MD5
  
  2ff0ff62b5cf7e7097f75a37492f02f8
- SHA1
  
  9d60d24299762f4aa7fa71838b58e4e747b95df6
- SHA256
  
  09029ff1f317ccfdd92bfd8ae154328748e761231aabb51872e2b1204315f285
- SHA512
  
  dc9a5422b9f49910db2ad66d4b4d010fb538e6c12e214c33b4b5ee3c5b96591d251b17d9ff99a7dea83b25b62e6ec521a7292471f42def6cb00b2fa139a9eea6
Score

10^/10

gozi_ifsb banker trojan ransomware
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankerransomwaretrojan