gozi_ifsb | 8310099f46b3760c683efe9aa247bfaa27334249e8375ddb9e45ee805a47857c | Triage

Sharing

General

Target

93e1f6a018dfd87a6235c247af3a5070.dll
Size

937KB
Sample

210505-prajhj6yxx
MD5

93e1f6a018dfd87a6235c247af3a5070
SHA1

642f459b8d535e9acb02160a124c2ec17b2717db
SHA256

8310099f46b3760c683efe9aa247bfaa27334249e8375ddb9e45ee805a47857c
SHA512

01f03aafe353954b05fc5a0ac58fe859c45c7d8238f687b3babc434b869a1c09e52bfbbd01c87e08295562fcf705007cb4c13f6475009acbd80194e2f1c752a4

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  93e1f6a018dfd87a6235c247af3a5070.dll
- Size
  
  937KB
- MD5
  
  93e1f6a018dfd87a6235c247af3a5070
- SHA1
  
  642f459b8d535e9acb02160a124c2ec17b2717db
- SHA256
  
  8310099f46b3760c683efe9aa247bfaa27334249e8375ddb9e45ee805a47857c
- SHA512
  
  01f03aafe353954b05fc5a0ac58fe859c45c7d8238f687b3babc434b869a1c09e52bfbbd01c87e08295562fcf705007cb4c13f6475009acbd80194e2f1c752a4
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan