gozi_ifsb | acaa9361c7b3bcaa1f93026b711f43fad65703d457f9caddf3f4176eababcd9d | Triage

Sharing

General

Target

99.dll
Size

793KB
Sample

210407-dhm3l9xc12
MD5

3fe2241cdeb92ae65efe5e54258a73ae
SHA1

908591a23638ae99b220398f9268c52b2713d4b0
SHA256

acaa9361c7b3bcaa1f93026b711f43fad65703d457f9caddf3f4176eababcd9d
SHA512

77117bed7ef85d240e441d4d32acab31493a64fffdf90f6b1fb961691c71d5ba3c32385522f32117ae9595fe3104b8f5bc97fd0b5ccf9915d5970e9ceed8e7b3

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

ocsp2.digicert.com

aus6.mozilla.org

durenoluneer.xyz

surenoluneer.xyz

Attributes

build
250187
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  99.dll
- Size
  
  793KB
- MD5
  
  3fe2241cdeb92ae65efe5e54258a73ae
- SHA1
  
  908591a23638ae99b220398f9268c52b2713d4b0
- SHA256
  
  acaa9361c7b3bcaa1f93026b711f43fad65703d457f9caddf3f4176eababcd9d
- SHA512
  
  77117bed7ef85d240e441d4d32acab31493a64fffdf90f6b1fb961691c71d5ba3c32385522f32117ae9595fe3104b8f5bc97fd0b5ccf9915d5970e9ceed8e7b3
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan