gozi_ifsb | 88a721af886e13ab9fce89defec8dada8fa9794fbce712fb206c6d07bf74b722 | Triage

Sharing

General

Target

u200421.dll
Size

793KB
Sample

210420-mce8bjphb2
MD5

8a199847a3595a695695c025b62fef27
SHA1

e3cad849f9bdc09c39df288f619e2295fe70cc07
SHA256

88a721af886e13ab9fce89defec8dada8fa9794fbce712fb206c6d07bf74b722
SHA512

e64ccfacd6c6c9c77efc587300129ca3bb0654ba7b3e59afec450528d9503c6eb3c352732487c0f6283c41fd4b19087c2fb2f5db5f02f843e9db09f248d9033c

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

ieonline.microsoft.com

config.edge.skype.com

nav.smartscreen.microsoft.com

noogoorepu.us

toogoorepu.us

Attributes

build
250187
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  u200421.dll
- Size
  
  793KB
- MD5
  
  8a199847a3595a695695c025b62fef27
- SHA1
  
  e3cad849f9bdc09c39df288f619e2295fe70cc07
- SHA256
  
  88a721af886e13ab9fce89defec8dada8fa9794fbce712fb206c6d07bf74b722
- SHA512
  
  e64ccfacd6c6c9c77efc587300129ca3bb0654ba7b3e59afec450528d9503c6eb3c352732487c0f6283c41fd4b19087c2fb2f5db5f02f843e9db09f248d9033c
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan