gozi_ifsb | 2187fe8f1f6b5f40d94b4beb802b66e457a53125ab0f0f088a4ccf052a96fb6c | Triage

Sharing

General

Target

af08a1bd429feee1b1597c8bbf533f11.dll
Size

563KB
Sample

210313-9l9tvvllna
MD5

af08a1bd429feee1b1597c8bbf533f11
SHA1

61a2ab80399aa61a76a9d101b273dbe786c15a6c
SHA256

2187fe8f1f6b5f40d94b4beb802b66e457a53125ab0f0f088a4ccf052a96fb6c
SHA512

1ad0c222e2c97bf9afccc254d220c75935229b522b556000d6216d8e3f748aa87ad0bd1e75db5a63c80f7a8b8450883fe9460b01c79337b9c1e9ddffbcde0365

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  af08a1bd429feee1b1597c8bbf533f11.dll
- Size
  
  563KB
- MD5
  
  af08a1bd429feee1b1597c8bbf533f11
- SHA1
  
  61a2ab80399aa61a76a9d101b273dbe786c15a6c
- SHA256
  
  2187fe8f1f6b5f40d94b4beb802b66e457a53125ab0f0f088a4ccf052a96fb6c
- SHA512
  
  1ad0c222e2c97bf9afccc254d220c75935229b522b556000d6216d8e3f748aa87ad0bd1e75db5a63c80f7a8b8450883fe9460b01c79337b9c1e9ddffbcde0365
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan