gozi_ifsb | 08fd06ce8e7fb421dfb25e5aa521667b978f7b17a49472ee8f3ead207017986b | Triage

Sharing

General

Target

a40e7e271f1c83721f2ead8c1c347cdb.dll
Size

937KB
Sample

210508-p5falmhra6
MD5

a40e7e271f1c83721f2ead8c1c347cdb
SHA1

a32bd04b8bcf083f58694a2693e9aa99d676652a
SHA256

08fd06ce8e7fb421dfb25e5aa521667b978f7b17a49472ee8f3ead207017986b
SHA512

9803efe431e38b1c7fca191fb4b48293fd8c82c57639a367cc40d0e145000d0413cc5046b1bd2b5fcd2cf23c8c61460f5f077fe91627aaf5fbd9988ce2a6c01c

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  a40e7e271f1c83721f2ead8c1c347cdb.dll
- Size
  
  937KB
- MD5
  
  a40e7e271f1c83721f2ead8c1c347cdb
- SHA1
  
  a32bd04b8bcf083f58694a2693e9aa99d676652a
- SHA256
  
  08fd06ce8e7fb421dfb25e5aa521667b978f7b17a49472ee8f3ead207017986b
- SHA512
  
  9803efe431e38b1c7fca191fb4b48293fd8c82c57639a367cc40d0e145000d0413cc5046b1bd2b5fcd2cf23c8c61460f5f077fe91627aaf5fbd9988ce2a6c01c
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan