gozi_ifsb | 5d002f8a395fcc9a680a9ef4f78a8674cc0757850b02bf12a8ef4df79e2e4bd3 | Triage

Sharing

General

Target

609110f2d14a6.dll
Size

482KB
Sample

210504-79ltw6nyqx
MD5

4ea47e933317499aecc740bfd9adcbb8
SHA1

6b26f847dad738687c05c039d738d2f09293b414
SHA256

5d002f8a395fcc9a680a9ef4f78a8674cc0757850b02bf12a8ef4df79e2e4bd3
SHA512

5834e028e12cd110a9262e7dfcf38a37088d2f5493f39ff96a79e65a29650806229c6e919e0542588bea45bc33270beb55b436152ec234298d4ce3bc7bd56830

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

gmail.com

dorelunonu.us

morelunonu.us

Attributes

build
250195
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  609110f2d14a6.dll
- Size
  
  482KB
- MD5
  
  4ea47e933317499aecc740bfd9adcbb8
- SHA1
  
  6b26f847dad738687c05c039d738d2f09293b414
- SHA256
  
  5d002f8a395fcc9a680a9ef4f78a8674cc0757850b02bf12a8ef4df79e2e4bd3
- SHA512
  
  5834e028e12cd110a9262e7dfcf38a37088d2f5493f39ff96a79e65a29650806229c6e919e0542588bea45bc33270beb55b436152ec234298d4ce3bc7bd56830
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan