gozi_ifsb | 1592f542473e48b5a4ceac2f276254d0e8c4c7f820e500979f2a787bb6e32507 | Triage

Sharing

General

Target

b39a6f06e279f02fc14cefc4d13895b2.exe
Size

196KB
Sample

210301-ytfmx631aj
MD5

b39a6f06e279f02fc14cefc4d13895b2
SHA1

51a61bcddc41f5fba51d1d9ea85e156587867174
SHA256

1592f542473e48b5a4ceac2f276254d0e8c4c7f820e500979f2a787bb6e32507
SHA512

e950db78cd562fc83cd485f7544eb0acabe9f8ddc0ef9bbc782a56d0d04b0506c469f260acb2b78e6fc17cc392f3065162af084b08f0e865acb3896d67d30b60

Score

10^/10

gozi_ifsb 6565 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6565

C2

updates.microsoft.com

klounisoronws.xyz

darwikalldkkalsld.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  b39a6f06e279f02fc14cefc4d13895b2.exe
- Size
  
  196KB
- MD5
  
  b39a6f06e279f02fc14cefc4d13895b2
- SHA1
  
  51a61bcddc41f5fba51d1d9ea85e156587867174
- SHA256
  
  1592f542473e48b5a4ceac2f276254d0e8c4c7f820e500979f2a787bb6e32507
- SHA512
  
  e950db78cd562fc83cd485f7544eb0acabe9f8ddc0ef9bbc782a56d0d04b0506c469f260acb2b78e6fc17cc392f3065162af084b08f0e865acb3896d67d30b60
Score

10^/10

gozi_ifsb 6565 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb6565bankertrojan

behavioral2

gozi_ifsb6565bankertrojan