gozi_ifsb | 075ad31d8864e79876674c468a4a0f381ab9ce29559db21aad32e10ba8216fa1 | Triage

Sharing

General

Target

075ad31d8864e79876674c468a4a0f381ab9ce29559db21aad32e10ba8216fa1
Size

563KB
Sample

210312-ddyr8tntrs
MD5

31a9651f386ed20b3dd3bda2d6177cca
SHA1

92fb6d44f25339ae1f12c0a57071685b37d2f823
SHA256

075ad31d8864e79876674c468a4a0f381ab9ce29559db21aad32e10ba8216fa1
SHA512

bd916da067cc36300f303397e274802d3cc11524d7b0b3ab547bd737cf75d5c8cb67f273b1958220296200d5b08a8675bb4d305896f1811a8110f49df923b9c9

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  075ad31d8864e79876674c468a4a0f381ab9ce29559db21aad32e10ba8216fa1
- Size
  
  563KB
- MD5
  
  31a9651f386ed20b3dd3bda2d6177cca
- SHA1
  
  92fb6d44f25339ae1f12c0a57071685b37d2f823
- SHA256
  
  075ad31d8864e79876674c468a4a0f381ab9ce29559db21aad32e10ba8216fa1
- SHA512
  
  bd916da067cc36300f303397e274802d3cc11524d7b0b3ab547bd737cf75d5c8cb67f273b1958220296200d5b08a8675bb4d305896f1811a8110f49df923b9c9
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozi_ifsb5500bankertrojan