gozi_ifsb | 60aaa4687dd3691cd748aa4ac21324049698f184afa7d9a479f7527895dc810f | Triage

Sharing

General

Target

3caed8793a6444ce411bcb88f5f661a7.dll
Size

937KB
Sample

210508-qjz8peaqxa
MD5

3caed8793a6444ce411bcb88f5f661a7
SHA1

eeaf102a8062dd544755edc24c4cd9e57bf07864
SHA256

60aaa4687dd3691cd748aa4ac21324049698f184afa7d9a479f7527895dc810f
SHA512

c3104263e2fb0bf6d1840ff2ea6496b67a08b907ccc557eb07c3ad65218c046b494ea5471c53d7508790b2c2e50e5bb99593af2aca3721bf34ecb8b54e148aac

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  3caed8793a6444ce411bcb88f5f661a7.dll
- Size
  
  937KB
- MD5
  
  3caed8793a6444ce411bcb88f5f661a7
- SHA1
  
  eeaf102a8062dd544755edc24c4cd9e57bf07864
- SHA256
  
  60aaa4687dd3691cd748aa4ac21324049698f184afa7d9a479f7527895dc810f
- SHA512
  
  c3104263e2fb0bf6d1840ff2ea6496b67a08b907ccc557eb07c3ad65218c046b494ea5471c53d7508790b2c2e50e5bb99593af2aca3721bf34ecb8b54e148aac
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan