gozi_ifsb | 236491cfe870f6b374d80e427ef8f8bfbf24f50d4029128b001d95c8c90845cb | Triage

Resubmissions

16-02-2021 11:24

210216-8sa4xvae2j 10

Sharing

General

Target

1.exe
Size

332KB
Sample

210216-8sa4xvae2j
MD5

bb6172739040ab04a078a1c61ef9a4e7
SHA1

34d6680a4ae007b81273196a7c0fc282903562f1
SHA256

236491cfe870f6b374d80e427ef8f8bfbf24f50d4029128b001d95c8c90845cb
SHA512

35e155dd1f5a16c4f87c8c86454518f481120d9fc390be0dfa2bc4e6f1895b83c10b0675b0ad221bf215dd6d43f84b278f7fa9256934400eaa603a04a6dfb875

Score

10^/10

gozi_ifsb 7555 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7555

C2

c.s-microsoft.com

ajax.googleapis.com

greatewallfirewall.xyz

185.186.244.130

booloolo2.com

37.120.222.107

Attributes

build
251173
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  1.exe
- Size
  
  332KB
- MD5
  
  bb6172739040ab04a078a1c61ef9a4e7
- SHA1
  
  34d6680a4ae007b81273196a7c0fc282903562f1
- SHA256
  
  236491cfe870f6b374d80e427ef8f8bfbf24f50d4029128b001d95c8c90845cb
- SHA512
  
  35e155dd1f5a16c4f87c8c86454518f481120d9fc390be0dfa2bc4e6f1895b83c10b0675b0ad221bf215dd6d43f84b278f7fa9256934400eaa603a04a6dfb875
Score

10^/10

gozi_ifsb 7555 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb7555bankertrojan

behavioral2

gozi_ifsb7555bankertrojan