gozi_ifsb | 263be47f602b2156c9282afdd6a0f1fe9bb9022cef2eb0a821e8d8153d3a8d06 | Triage

Sharing

General

Target

263be47f602b2156c9282afdd6a0f1fe9bb9022cef2eb0a821e8d8153d3a8d06
Size

160KB
Sample

210310-pv2d4lb4fe
MD5

24433fe5aed50417b17663e46bacf92c
SHA1

6ff9b5c8ff0fc10f3bcce07c4f4fda2eaa351188
SHA256

263be47f602b2156c9282afdd6a0f1fe9bb9022cef2eb0a821e8d8153d3a8d06
SHA512

c833a0e82e83e663eb362e7c18ae737d5750df2f1ad55ba68ba33ab87ed3d181b30bc8672f0a58e60ea25c0067b548e11d90cd8c8b4f566450fec01712900720

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  263be47f602b2156c9282afdd6a0f1fe9bb9022cef2eb0a821e8d8153d3a8d06
- Size
  
  160KB
- MD5
  
  24433fe5aed50417b17663e46bacf92c
- SHA1
  
  6ff9b5c8ff0fc10f3bcce07c4f4fda2eaa351188
- SHA256
  
  263be47f602b2156c9282afdd6a0f1fe9bb9022cef2eb0a821e8d8153d3a8d06
- SHA512
  
  c833a0e82e83e663eb362e7c18ae737d5750df2f1ad55ba68ba33ab87ed3d181b30bc8672f0a58e60ea25c0067b548e11d90cd8c8b4f566450fec01712900720
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankertrojan