gozi_ifsb | 310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed | Triage

Sharing

General

Target

7e98e8fbf2fec9c9d36896a08a26a97f.dll
Size

372KB
Sample

210330-xe6gg8lajx
MD5

7e98e8fbf2fec9c9d36896a08a26a97f
SHA1

d3c22e099df48f78765bba4b64e3f006a9e0bcdd
SHA256

310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed
SHA512

6d56845449783147539c38f6418bd2387c92c4bb0fba9040c8130db8c6097cf77557a924337541798dd3b3c1ff5aab00864479867cddcd2512e83bdac963decd

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

ocsp.digicert.com

aus5.mozilla.org

palominoloopus.website

dresdengrauwes.website

Attributes

build
250187
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  7e98e8fbf2fec9c9d36896a08a26a97f.dll
- Size
  
  372KB
- MD5
  
  7e98e8fbf2fec9c9d36896a08a26a97f
- SHA1
  
  d3c22e099df48f78765bba4b64e3f006a9e0bcdd
- SHA256
  
  310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed
- SHA512
  
  6d56845449783147539c38f6418bd2387c92c4bb0fba9040c8130db8c6097cf77557a924337541798dd3b3c1ff5aab00864479867cddcd2512e83bdac963decd
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan