gozi_ifsb | 9253423b5dd4844e13e867f280316e3dabf6ed54f6d1d3970c44b88ee751101d | Triage

Sharing

General

Target

80049e45_by_Libranalysis
Size

520KB
Sample

210505-74dtwjwt32
MD5

80049e45ead2847b3191be040c03bd7f
SHA1

3ddda05874db08d0d99327f1c076ce11c7fbc19f
SHA256

9253423b5dd4844e13e867f280316e3dabf6ed54f6d1d3970c44b88ee751101d
SHA512

5ec225ac6694d1724b844b8c08fe26a4378e8d96c90a3f7217c4b55ed325161126cc91b489ceeb1ac7e193cbac3ec6e79a93eb30899dbd6f310504056ac94efd

Score

10^/10

gozi_ifsb 4460 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4460

C2

1.microsoft.com

horulenuke.us

vorulenuke.us

Attributes

build
250190
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  83d9e62cebb8f222083e6d6670b0ca5e82459c8d7815b0c415c9d1964bd56583.dll
- Size
  
  877KB
- MD5
  
  a952840b01f89473d33440df6aee1fc9
- SHA1
  
  864445248c2967a09550bd455210159c669766e0
- SHA256
  
  83d9e62cebb8f222083e6d6670b0ca5e82459c8d7815b0c415c9d1964bd56583
- SHA512
  
  71017afec083a858d80c4b6c007bd9b259df4ed991ea3eef569ed24fe9063eac15c7dbc0cc014f2826c9fe834f6862539a79d95d3d2605e22cd0fbb18c4c7b01
Score

10^/10

gozi_ifsb 4460 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4460bankertrojan

behavioral2

gozi_ifsb4460bankertrojan