Overview

overview

10

Static

static

ed3bb18336...3a.vbs

windows7_x64

10

ed3bb18336...3a.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed3bb183361d854959b4e3fd46a734ec957eabe9609b6a25f05c6dec39715f3a.zip

  • Size

    211KB

  • Sample

    210311-wk1csdpzxn

  • MD5

    aa6cf9fa7152abc15382488145a1394f

  • SHA1

    f28401be386b2c7e4f30a8323243991956ef3f83

  • SHA256

    865174220f6c4720c8c5f3aa973785abea173d041a9b755186eff90a02c670f8

  • SHA512

    bb7db2e48640c6afb7ee1ef60e866d415b1037e19f06001839a2e4cd930d5430fd1e299deae3b9948f505075da43bb898c1f57453025c434c61cf49411c25f43

Score
10/10
gozi_ifsb2200bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1
Attributes
  • build

    250180

  • exe_type

    loader

  • server_id

    730

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      ed3bb183361d854959b4e3fd46a734ec957eabe9609b6a25f05c6dec39715f3a.vbs

    • Size

      780KB

    • MD5

      e1f254d971bc086cf36dfa00d8625838

    • SHA1

      10f4ec1bfcadd0c3753d695d6d85463699d609a3

    • SHA256

      ed3bb183361d854959b4e3fd46a734ec957eabe9609b6a25f05c6dec39715f3a

    • SHA512

      9380f2131062a9c83d7abb8e7911293debf2eeeafd45b9e60fd64b2d628a79881603db1bf69c79586920e1011dff0882cac1842dfcdee45fbb92c76a9c1aac2d

    Score
    10/10
    gozi_ifsb2200bankertrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks