gozi_ifsb | dc0ae3accd7067b3b1b1c6c208a603b2a62ec9be53ad17ef5d4bf48528c00fe6 | Triage

Sharing

General

Target

eaa396d7de6b9040a92c91f0ac5503ba.dll
Size

937KB
Sample

210522-7krnwayyyx
MD5

eaa396d7de6b9040a92c91f0ac5503ba
SHA1

a3c052e6d74cea274e739c42f6475cc80e880c0e
SHA256

dc0ae3accd7067b3b1b1c6c208a603b2a62ec9be53ad17ef5d4bf48528c00fe6
SHA512

169a0f2886034209fcc9b1f4cf41729d21c02613967edeb1dad11a1702f1ba4cc6b700e1e57f63f2bc2121e61b4454ddacd5a4f12fe0b42646177208210af9e8

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  eaa396d7de6b9040a92c91f0ac5503ba.dll
- Size
  
  937KB
- MD5
  
  eaa396d7de6b9040a92c91f0ac5503ba
- SHA1
  
  a3c052e6d74cea274e739c42f6475cc80e880c0e
- SHA256
  
  dc0ae3accd7067b3b1b1c6c208a603b2a62ec9be53ad17ef5d4bf48528c00fe6
- SHA512
  
  169a0f2886034209fcc9b1f4cf41729d21c02613967edeb1dad11a1702f1ba4cc6b700e1e57f63f2bc2121e61b4454ddacd5a4f12fe0b42646177208210af9e8
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan