gozi_ifsb | 6d16bdcedf0d57eceddbdf534ad2499d8b11e4c729fb33f3b85565d54e0feb98 | Triage

Sharing

General

Target

SNF-F-CTI.dll
Size

372KB
Sample

210330-cvnv6xbf4n
MD5

ce41178c5ff61c7c39a70dcf9d7b50fe
SHA1

f70ef398dc6fd25f918c721a80f1712e4e987b7c
SHA256

6d16bdcedf0d57eceddbdf534ad2499d8b11e4c729fb33f3b85565d54e0feb98
SHA512

bb8e3b80e75d6413fc9a2e2036899d9a2ff0aa8f8eb94d37b385f6cdeb46c2e24326a24337c379d285a1111b105990a9d26e0555f91538c815633f5b61009937

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

ocsp.digicert.com

aus5.mozilla.org

palominoloopus.website

dresdengrauwes.website

Attributes

build
250187
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  SNF-F-CTI.dll
- Size
  
  372KB
- MD5
  
  ce41178c5ff61c7c39a70dcf9d7b50fe
- SHA1
  
  f70ef398dc6fd25f918c721a80f1712e4e987b7c
- SHA256
  
  6d16bdcedf0d57eceddbdf534ad2499d8b11e4c729fb33f3b85565d54e0feb98
- SHA512
  
  bb8e3b80e75d6413fc9a2e2036899d9a2ff0aa8f8eb94d37b385f6cdeb46c2e24326a24337c379d285a1111b105990a9d26e0555f91538c815633f5b61009937
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan