gozi_ifsb | 77e3afaec1b7b091e7f1fd3bbfac6aa65216e60d6b6f3c866304913278470f61 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...42.exe

windows7_x64

SecuriteIn...42.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.W32.AIDetect.malware1.9324.25842
Size

283KB
Sample

210226-9lt1s4wmlx
MD5

e77b724a59e7acc345bbb96925491c5b
SHA1

bc3db6af596f304b1b4f03117587148897ab67cf
SHA256

77e3afaec1b7b091e7f1fd3bbfac6aa65216e60d6b6f3c866304913278470f61
SHA512

e44e6bdc037466ee2519b2b684e34c303d2eeb1cf4daa5036355f695b2499f5fb97f99c64bb48e77e83c6fffa979fc19d26947c3120d61cf4c29af71f6e55fbc

Score

10^/10

gozi_ifsb 6565 banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.W32.AIDetect.malware1.9324.25842.exe

Resource

win7v20201028

gozi_ifsb 6565 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.W32.AIDetect.malware1.9324.25842.exe

Resource

win10v20201028

gozi_ifsb 6565 banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6565

C2

updates.microsoft.com

klounisoronws.xyz

darwikalldkkalsld.xyz

c1.microsoft.com

ctldl.windowsupdate.com

195.123.209.122

185.82.218.23

5.34.183.180

bloombergdalas.xyz

groovermanikos.xyz

kadskasdjlkewrjk.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  SecuriteInfo.com.W32.AIDetect.malware1.9324.25842
- Size
  
  283KB
- MD5
  
  e77b724a59e7acc345bbb96925491c5b
- SHA1
  
  bc3db6af596f304b1b4f03117587148897ab67cf
- SHA256
  
  77e3afaec1b7b091e7f1fd3bbfac6aa65216e60d6b6f3c866304913278470f61
- SHA512
  
  e44e6bdc037466ee2519b2b684e34c303d2eeb1cf4daa5036355f695b2499f5fb97f99c64bb48e77e83c6fffa979fc19d26947c3120d61cf4c29af71f6e55fbc
Score

10^/10

gozi_ifsb 6565 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb6565bankertrojan

behavioral2

gozi_ifsb6565bankertrojan

© 2018-2024

Terms | Privacy