gozi_ifsb | 874342cb9571e9c05d9e29b415c42767df9ca677abfd9867ad23f966cdc6e80a | Triage

Sharing

General

Target

a088841ceeaee1306585579ef9a72980.dll
Size

286KB
Sample

210210-9rk4ylw342
MD5

a088841ceeaee1306585579ef9a72980
SHA1

fa643f530d8662b61ba459dae488332945e203a5
SHA256

874342cb9571e9c05d9e29b415c42767df9ca677abfd9867ad23f966cdc6e80a
SHA512

8f78fa6b0b76d3b11a1f0f6f2d990486e950d140dd5d692c3c8112643c730a47d83e93259bf362074b6c826f0a57dac81974b1d4e65fa9c0ddc981ac75cd3aa1

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  a088841ceeaee1306585579ef9a72980.dll
- Size
  
  286KB
- MD5
  
  a088841ceeaee1306585579ef9a72980
- SHA1
  
  fa643f530d8662b61ba459dae488332945e203a5
- SHA256
  
  874342cb9571e9c05d9e29b415c42767df9ca677abfd9867ad23f966cdc6e80a
- SHA512
  
  8f78fa6b0b76d3b11a1f0f6f2d990486e950d140dd5d692c3c8112643c730a47d83e93259bf362074b6c826f0a57dac81974b1d4e65fa9c0ddc981ac75cd3aa1
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankertrojan