gozi_ifsb | f30b3f53f613d953680fdde8faf35c96a25a1136d0dd6c7aab1cc14ee908702c | Triage

Sharing

General

Target

SecuriteInfo.com.BScope.TrojanBanker.IcedID.13045
Size

262KB
Sample

210219-lzexhf6wh6
MD5

a98649743626d197b440755061b1aac3
SHA1

8033ebd201645f713fb4ad48bf92e5da26bc8216
SHA256

f30b3f53f613d953680fdde8faf35c96a25a1136d0dd6c7aab1cc14ee908702c
SHA512

eebafe83c5232cbb641f0148ca6498e15af8d3eacbe51ece55d5dcbcb7c474a56dcbb013d4398bde5026d8198c503aa3ea9f3101fe26059b65e04d8c2ccbf03b

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  SecuriteInfo.com.BScope.TrojanBanker.IcedID.13045
- Size
  
  262KB
- MD5
  
  a98649743626d197b440755061b1aac3
- SHA1
  
  8033ebd201645f713fb4ad48bf92e5da26bc8216
- SHA256
  
  f30b3f53f613d953680fdde8faf35c96a25a1136d0dd6c7aab1cc14ee908702c
- SHA512
  
  eebafe83c5232cbb641f0148ca6498e15af8d3eacbe51ece55d5dcbcb7c474a56dcbb013d4398bde5026d8198c503aa3ea9f3101fe26059b65e04d8c2ccbf03b
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankertrojan