gozi_ifsb | bd43f7bc23a76b086a81b8e6fcd4355cac648d3f7d9a941d9aa259def534d5b1 | Triage

Sharing

General

Target

18d613d02eaf8d339feebb21f578f329.dll
Size

511KB
Sample

210504-2q7vap6cpn
MD5

18d613d02eaf8d339feebb21f578f329
SHA1

01ea39853139ccfe82f0bd19f8963d3ccebf8e8a
SHA256

bd43f7bc23a76b086a81b8e6fcd4355cac648d3f7d9a941d9aa259def534d5b1
SHA512

a432ca4267f56530945e2dd352e658d72b3fc84101b84dcd86bc0adcf42e218e394556d6b69cec92cb30a960ce83586e8c026e971f02fa5154d100a198f1e4ce

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

gmail.com

dorelunonu.us

morelunonu.us

Attributes

build
250195
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  18d613d02eaf8d339feebb21f578f329.dll
- Size
  
  511KB
- MD5
  
  18d613d02eaf8d339feebb21f578f329
- SHA1
  
  01ea39853139ccfe82f0bd19f8963d3ccebf8e8a
- SHA256
  
  bd43f7bc23a76b086a81b8e6fcd4355cac648d3f7d9a941d9aa259def534d5b1
- SHA512
  
  a432ca4267f56530945e2dd352e658d72b3fc84101b84dcd86bc0adcf42e218e394556d6b69cec92cb30a960ce83586e8c026e971f02fa5154d100a198f1e4ce
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan