gozi_ifsb | 802a752fca3ded051f0655c68012c769232d098d4a57c9887da39fa89070235a | Triage

Sharing

General

Target

68fc6441db6c5539573adf08f210c39b.dll
Size

937KB
Sample

210509-yb2ls9xm8j
MD5

68fc6441db6c5539573adf08f210c39b
SHA1

c67a6a85716e0f1439cae1c1cdf259c271515e85
SHA256

802a752fca3ded051f0655c68012c769232d098d4a57c9887da39fa89070235a
SHA512

e20656f24256170306d05c8604d8d22989304327993d0180a9e9e1d8d699fa6ff66d835c1fa5e120e4bfbd6c802b59f142d53dbb6e86844808b1338b301d5316

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  68fc6441db6c5539573adf08f210c39b.dll
- Size
  
  937KB
- MD5
  
  68fc6441db6c5539573adf08f210c39b
- SHA1
  
  c67a6a85716e0f1439cae1c1cdf259c271515e85
- SHA256
  
  802a752fca3ded051f0655c68012c769232d098d4a57c9887da39fa89070235a
- SHA512
  
  e20656f24256170306d05c8604d8d22989304327993d0180a9e9e1d8d699fa6ff66d835c1fa5e120e4bfbd6c802b59f142d53dbb6e86844808b1338b301d5316
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan