gozi_ifsb | e2e8a185580a5831bd7ddfcbed30cb21965cfb3bd546b4cffd85dc886671aeea | Triage

Sharing

General

Target

d1253fcbf6ae056cff716ff6670c2c11.dll
Size

937KB
Sample

210522-n4pad3wbaj
MD5

d1253fcbf6ae056cff716ff6670c2c11
SHA1

68a6945ac7d27651b221ba0ad10b9c3ae8c878f8
SHA256

e2e8a185580a5831bd7ddfcbed30cb21965cfb3bd546b4cffd85dc886671aeea
SHA512

51264676f733244a4b7896c8ac1da657b1240f705ef08bb796b3044e4cadf50bd793556b27c7a203af3e8326d9d75830a8129f1022f683bb21fa395fc507369e

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  d1253fcbf6ae056cff716ff6670c2c11.dll
- Size
  
  937KB
- MD5
  
  d1253fcbf6ae056cff716ff6670c2c11
- SHA1
  
  68a6945ac7d27651b221ba0ad10b9c3ae8c878f8
- SHA256
  
  e2e8a185580a5831bd7ddfcbed30cb21965cfb3bd546b4cffd85dc886671aeea
- SHA512
  
  51264676f733244a4b7896c8ac1da657b1240f705ef08bb796b3044e4cadf50bd793556b27c7a203af3e8326d9d75830a8129f1022f683bb21fa395fc507369e
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan