gozi_ifsb | 0700fa851908bcd508385b8a6d90ff529ad91183256b18352812013d282ceb80 | Triage

Resubmissions

12-03-2021 08:58

210312-vj7wbkl2za 10

Sharing

General

Target

kybe4
Size

563KB
Sample

210312-vj7wbkl2za
MD5

477145fc6dad603f4e3b2218c619b529
SHA1

4ee92a74b0aecfbaa9befa1ace01472c8afdeef3
SHA256

0700fa851908bcd508385b8a6d90ff529ad91183256b18352812013d282ceb80
SHA512

7c0e7149adaf6c2d0284cc83b6f7e8117d4a3cfcfcc5a1a31b88da2a74aefdb536bd3537185643ecc8037ca144a276bef4d65360d692f7d00b42504063cde55f

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  kybe4
- Size
  
  563KB
- MD5
  
  477145fc6dad603f4e3b2218c619b529
- SHA1
  
  4ee92a74b0aecfbaa9befa1ace01472c8afdeef3
- SHA256
  
  0700fa851908bcd508385b8a6d90ff529ad91183256b18352812013d282ceb80
- SHA512
  
  7c0e7149adaf6c2d0284cc83b6f7e8117d4a3cfcfcc5a1a31b88da2a74aefdb536bd3537185643ecc8037ca144a276bef4d65360d692f7d00b42504063cde55f
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan