gozi_ifsb | 9c51cbe4681facc34623aeca27a18dbaa6db1337990a0e003b7c9babeb06c1eb | Triage

Sharing

General

Target

yytr.png
Size

463KB
Sample

210211-3ttsec2j32
MD5

ba2befa9c70c2b6d779c48a59cece3e5
SHA1

4c855f80076e357d35c7d60cd52d2c49abefc5ff
SHA256

9c51cbe4681facc34623aeca27a18dbaa6db1337990a0e003b7c9babeb06c1eb
SHA512

bdc4e33de9de4cf27d1df05e22163c6a3ef0d2406d80cb51db34139bf08cc3a923b079686fbc0a1b359ee46447eb0583c3343360d7e755179e9661c4a503047e

Score

10^/10

gozi_ifsb 3131 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3131

C2

c.s-microsoft.com

firebaseremoteconfig.googleapis.com

pronpepsipirpyamvioerd.com

80.208.230.180

Attributes

build
250177
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  yytr.png
- Size
  
  463KB
- MD5
  
  ba2befa9c70c2b6d779c48a59cece3e5
- SHA1
  
  4c855f80076e357d35c7d60cd52d2c49abefc5ff
- SHA256
  
  9c51cbe4681facc34623aeca27a18dbaa6db1337990a0e003b7c9babeb06c1eb
- SHA512
  
  bdc4e33de9de4cf27d1df05e22163c6a3ef0d2406d80cb51db34139bf08cc3a923b079686fbc0a1b359ee46447eb0583c3343360d7e755179e9661c4a503047e
Score

10^/10

gozi_ifsb 3131 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3131bankertrojan

behavioral2

gozi_ifsb3131bankertrojan