gozi_ifsb | 4bf6e9d4067cb905631ddf7452ac571c4ed9800c7eb8fc7e51b688e1154f52e3 | Triage

Sharing

General

Target

6fdbd25f7a84da80ee9d8577122c3291.dll
Size

467KB
Sample

210512-t4zzxwcwlj
MD5

6fdbd25f7a84da80ee9d8577122c3291
SHA1

39a52cbc48be934cf953d4699e8a1ea5ff53a5bf
SHA256

4bf6e9d4067cb905631ddf7452ac571c4ed9800c7eb8fc7e51b688e1154f52e3
SHA512

935e43b18efb458f246523976f6b71655cf5c4465cddc86e5b91a9acc8e5d77f3bc3d2b0414d9e08114f286afd682cb9364193babaec4cd6b6ca871abf5b79de

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

gmail.com

worunekulo.club

horunekulo.website

Attributes

build
250196
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  6fdbd25f7a84da80ee9d8577122c3291.dll
- Size
  
  467KB
- MD5
  
  6fdbd25f7a84da80ee9d8577122c3291
- SHA1
  
  39a52cbc48be934cf953d4699e8a1ea5ff53a5bf
- SHA256
  
  4bf6e9d4067cb905631ddf7452ac571c4ed9800c7eb8fc7e51b688e1154f52e3
- SHA512
  
  935e43b18efb458f246523976f6b71655cf5c4465cddc86e5b91a9acc8e5d77f3bc3d2b0414d9e08114f286afd682cb9364193babaec4cd6b6ca871abf5b79de
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan