gozi_ifsb | 26565bb980df7e0a005468cf2764cc72075ead4b6673c16b319c9c6b029b1bd1 | Triage

Sharing

General

Target

kybe3.rar
Size

311KB
Sample

210315-gmjtl1ks1s
MD5

8e461d3cc8cea851ac92cb177551cacb
SHA1

e43e6f456940bcdd8771d74e7b7286093743d2f8
SHA256

26565bb980df7e0a005468cf2764cc72075ead4b6673c16b319c9c6b029b1bd1
SHA512

2b387c8daa6fe03a8b01c4ed3fb6a0e570c9bc494688a3c178ce1ba37e9962c8b00714146712c336832c62f2d330e71e7b0ed60b88abfd167cf2be227d87b02a

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  kybe3.dll
- Size
  
  563KB
- MD5
  
  c7eeecef364f35c1b3f56b3136d5607f
- SHA1
  
  17b1f56ce5ffed92d7939315ebc1818157f02506
- SHA256
  
  f2059f3054bee3cb57c666b3994c0cf3aa61c981e2d70a798b5f1f43a189f20a
- SHA512
  
  31da7d5d631dd7809e252374dded9ab47fe17875ae53a8680e1aa433dda65cbe4688f6a3d1afaca67dcb30756c988476381444e1c6e16090bb4b7278a52b6f34
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan