gozi_ifsb | 8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7 | Triage

Sharing

General

Target

221.dll
Size

216KB
Sample

210212-r2l9e4j566
MD5

06ddae0e67a048aff8829413a7903bec
SHA1

aee60f4e070f845183b59f16dad84a72733e4d0a
SHA256

8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7
SHA512

8dbecf12c003a996f4f41e9e087531a3c6e1572aaf6f4e6e0538d155febb3c5b20fe8cf0b267716091f5db656a95d5de9254fc911056883380589863d899e1bd

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  221.dll
- Size
  
  216KB
- MD5
  
  06ddae0e67a048aff8829413a7903bec
- SHA1
  
  aee60f4e070f845183b59f16dad84a72733e4d0a
- SHA256
  
  8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7
- SHA512
  
  8dbecf12c003a996f4f41e9e087531a3c6e1572aaf6f4e6e0538d155febb3c5b20fe8cf0b267716091f5db656a95d5de9254fc911056883380589863d899e1bd
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankertrojan