gozi_ifsb | 68c1d27603528e896c0d5cab01240c441b4cc08797faf0d4578261b824d07f82 | Triage

Sharing

General

Target

file.dll
Size

457KB
Sample

210316-2bkxqf2wkx
MD5

e57116d079e5f8532959ac73fa54211b
SHA1

3c4615f2200c1d01c5a1880bb1bc2c072117ddf8
SHA256

68c1d27603528e896c0d5cab01240c441b4cc08797faf0d4578261b824d07f82
SHA512

7d8d63633a053f09aaa5bd45460c2661120f49a6c5c12725ad85645d2f7c7e5b9cc6ea0b1d66d31ec8b73c506c765a37fab6ab843c2f8ef82551dcad879c9b02

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

build
250177
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  file.dll
- Size
  
  457KB
- MD5
  
  e57116d079e5f8532959ac73fa54211b
- SHA1
  
  3c4615f2200c1d01c5a1880bb1bc2c072117ddf8
- SHA256
  
  68c1d27603528e896c0d5cab01240c441b4cc08797faf0d4578261b824d07f82
- SHA512
  
  7d8d63633a053f09aaa5bd45460c2661120f49a6c5c12725ad85645d2f7c7e5b9cc6ea0b1d66d31ec8b73c506c765a37fab6ab843c2f8ef82551dcad879c9b02
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan