gozi_ifsb | f87ed79fbb1a2228c97fb59127eade39c4f8218fa28ddd76b50da177d81438e3 | Triage

Sharing

General

Target

f87ed79fbb1a2228c97fb59127eade39c4f8218fa28ddd76b50da177d81438e3
Size

563KB
Sample

210314-9js1cd7axx
MD5

9d7f1e8c8fca96cc2cbed2c7d1b954ca
SHA1

f086f0be7d9ed6fe64291bf64f456630fb81cb70
SHA256

f87ed79fbb1a2228c97fb59127eade39c4f8218fa28ddd76b50da177d81438e3
SHA512

9f311d61716c0ab2f4dd059505ac8b4def4db90815f422b5f236b8b1c929dabe3d3d5223d834357431f9bd8d5578c179c7f78a131f0428cf0e3a304edc741113

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  f87ed79fbb1a2228c97fb59127eade39c4f8218fa28ddd76b50da177d81438e3
- Size
  
  563KB
- MD5
  
  9d7f1e8c8fca96cc2cbed2c7d1b954ca
- SHA1
  
  f086f0be7d9ed6fe64291bf64f456630fb81cb70
- SHA256
  
  f87ed79fbb1a2228c97fb59127eade39c4f8218fa28ddd76b50da177d81438e3
- SHA512
  
  9f311d61716c0ab2f4dd059505ac8b4def4db90815f422b5f236b8b1c929dabe3d3d5223d834357431f9bd8d5578c179c7f78a131f0428cf0e3a304edc741113
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan