gozi_ifsb | e1b21ed8992a45a13b75a1db762be38aba928d7dad5b9ee20b99d9e1c6cfb82c | Triage

Sharing

General

Target

e091bc381aebed8fee9363a882edfa68.dll
Size

937KB
Sample

210509-zgm34xx6ze
MD5

e091bc381aebed8fee9363a882edfa68
SHA1

2ecb2813135d36fd0a9bc28ac4020359618e4eaa
SHA256

e1b21ed8992a45a13b75a1db762be38aba928d7dad5b9ee20b99d9e1c6cfb82c
SHA512

5184fe79854e2e79cb30cb8e5f7b6a4224e4b27c54c0c06cf90e39ddce8b452d22640d010b986398e0c56bb97f3e471765ab56f0075401eeaeda12dbdf13b893

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  e091bc381aebed8fee9363a882edfa68.dll
- Size
  
  937KB
- MD5
  
  e091bc381aebed8fee9363a882edfa68
- SHA1
  
  2ecb2813135d36fd0a9bc28ac4020359618e4eaa
- SHA256
  
  e1b21ed8992a45a13b75a1db762be38aba928d7dad5b9ee20b99d9e1c6cfb82c
- SHA512
  
  5184fe79854e2e79cb30cb8e5f7b6a4224e4b27c54c0c06cf90e39ddce8b452d22640d010b986398e0c56bb97f3e471765ab56f0075401eeaeda12dbdf13b893
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan