gozi_ifsb | 79278524b0b5613050c83e87aeddc0c987d8ad67fec06af310b8722b97a52171 | Triage

Sharing

General

Target

ca15492d0c96792b22e031811fc60237.dll
Size

937KB
Sample

210510-5qsnepb7ee
MD5

ca15492d0c96792b22e031811fc60237
SHA1

c25a707cb43e81bd1b72fd67abb0c5465c28cfc0
SHA256

79278524b0b5613050c83e87aeddc0c987d8ad67fec06af310b8722b97a52171
SHA512

22842f8781931812271908051d81cb7b95f13c48095e9a54a711c7a8dfba359c6f546ade4d240cd4de5d67462775581d5f8c1b5a3cd6e4fe126bb4c9aa70cbb5

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  ca15492d0c96792b22e031811fc60237.dll
- Size
  
  937KB
- MD5
  
  ca15492d0c96792b22e031811fc60237
- SHA1
  
  c25a707cb43e81bd1b72fd67abb0c5465c28cfc0
- SHA256
  
  79278524b0b5613050c83e87aeddc0c987d8ad67fec06af310b8722b97a52171
- SHA512
  
  22842f8781931812271908051d81cb7b95f13c48095e9a54a711c7a8dfba359c6f546ade4d240cd4de5d67462775581d5f8c1b5a3cd6e4fe126bb4c9aa70cbb5
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan