gozi_ifsb | 472c6d7282d5ad1ea6b8aa3e66fd0b42c1ccf6086a33e16cbab93f423203e4d4 | Triage

Sharing

General

Target

48ac0f98a45009cdd0c1e94400ba6ca2.exe
Size

196KB
Sample

210301-p8nb2tfj2j
MD5

48ac0f98a45009cdd0c1e94400ba6ca2
SHA1

83f1b9efe965b7aa9410955e24dcbe5a750c23ee
SHA256

472c6d7282d5ad1ea6b8aa3e66fd0b42c1ccf6086a33e16cbab93f423203e4d4
SHA512

e256d7c2bb60e6e535f0510def35f433a31b1067b69befc8d13df25df1429e07254411ad6f8a85aaa7e068b3e7c68621ec55c27d484a12869212563baa96b7fd

Score

10^/10

gozi_ifsb 6565 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6565

C2

updates.microsoft.com

secureitname.xyz

treinsasde.xyz

Attributes

build
250186
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  48ac0f98a45009cdd0c1e94400ba6ca2.exe
- Size
  
  196KB
- MD5
  
  48ac0f98a45009cdd0c1e94400ba6ca2
- SHA1
  
  83f1b9efe965b7aa9410955e24dcbe5a750c23ee
- SHA256
  
  472c6d7282d5ad1ea6b8aa3e66fd0b42c1ccf6086a33e16cbab93f423203e4d4
- SHA512
  
  e256d7c2bb60e6e535f0510def35f433a31b1067b69befc8d13df25df1429e07254411ad6f8a85aaa7e068b3e7c68621ec55c27d484a12869212563baa96b7fd
Score

10^/10

gozi_ifsb 6565 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb6565bankertrojan

behavioral2

gozi_ifsb6565bankertrojan