gozi_ifsb | 339775cdf920ff6c753783962b295f687f4cd714a3fb7416c2204fbd576ff148 | Triage

Sharing

General

Target

eb498648d17ad5250ab1f38b190dd2da8bfa8db3ee86054db991db79d15ad5cc.zip
Size

342KB
Sample

210505-dn3veq34qe
MD5

cd7fe325747fee3ea74bf4bd6f31ca27
SHA1

ff03d99ced39e168b41f1e2b776d111615750c24
SHA256

339775cdf920ff6c753783962b295f687f4cd714a3fb7416c2204fbd576ff148
SHA512

63df09f7cb411a856913086c98a7f767640212c39f2c8f2022530fee7de409976a51f9c741643f72a8e2bdb2ec158da113b9062f8b853372591a478ada849006

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

gmail.com

dorelunonu.us

morelunonu.us

Attributes

build
250195
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  eb498648d17ad5250ab1f38b190dd2da8bfa8db3ee86054db991db79d15ad5cc.dll
- Size
  
  511KB
- MD5
  
  e8eae1a820426a722c7cae54ed5bacd8
- SHA1
  
  4d8368f112e0c56e7caccb89724bfdad1999e706
- SHA256
  
  eb498648d17ad5250ab1f38b190dd2da8bfa8db3ee86054db991db79d15ad5cc
- SHA512
  
  b75df93529215c6003ddb86bc76a52144b29aec918a40a9dadec7446f67cc2626b67fa1738ed148e81a1c706dded69f609e1cd592cf13034ef9fd2cb21603032
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan