gozi_ifsb | 1abd2ae7b4600681751fcd1d401a6ad35fbdd3e231790be49ef7b61333358802 | Triage

Sharing

General

Target

6064024521dc9.png.dll
Size

264KB
Sample

210331-apjgy6jdcs
MD5

114344b10fcf51c14d79e5441e8fa86a
SHA1

1d52817634967190aa11a5c1eee9917839f4f384
SHA256

1abd2ae7b4600681751fcd1d401a6ad35fbdd3e231790be49ef7b61333358802
SHA512

3cf4279d16e0022a500c578bee2b5976f947d5ff213090c2fa1d3a702168a0cd5c0e7fa789224d921638faec7f25c01f967c8fb4f0deeaffb6ae78f029a99d87

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

ocsp.digicert.com

aus5.mozilla.org

palominoloopus.website

dresdengrauwes.website

Attributes

build
250187
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  6064024521dc9.png.dll
- Size
  
  264KB
- MD5
  
  114344b10fcf51c14d79e5441e8fa86a
- SHA1
  
  1d52817634967190aa11a5c1eee9917839f4f384
- SHA256
  
  1abd2ae7b4600681751fcd1d401a6ad35fbdd3e231790be49ef7b61333358802
- SHA512
  
  3cf4279d16e0022a500c578bee2b5976f947d5ff213090c2fa1d3a702168a0cd5c0e7fa789224d921638faec7f25c01f967c8fb4f0deeaffb6ae78f029a99d87
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan