gozi_ifsb | fad3967fa3c73ef14e002d5f3f24a937f4510e64c153db847b42aedbe34642c7 | Triage

Sharing

General

Target

ce8cd9283e9f1b41c01bf51df13de9dd.dll
Size

937KB
Sample

210522-vb98lyp3ls
MD5

ce8cd9283e9f1b41c01bf51df13de9dd
SHA1

1d5f5fbfbcc02ede9bc230d30194fa44c6078665
SHA256

fad3967fa3c73ef14e002d5f3f24a937f4510e64c153db847b42aedbe34642c7
SHA512

d50a269c97ee03a52e21836e651189b9fef61ffaf9294f05fce5a65f3ec903ce597edf17472d742d44fa1eb9e58e5236724840a9760c09d49cb308a43560702a

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  ce8cd9283e9f1b41c01bf51df13de9dd.dll
- Size
  
  937KB
- MD5
  
  ce8cd9283e9f1b41c01bf51df13de9dd
- SHA1
  
  1d5f5fbfbcc02ede9bc230d30194fa44c6078665
- SHA256
  
  fad3967fa3c73ef14e002d5f3f24a937f4510e64c153db847b42aedbe34642c7
- SHA512
  
  d50a269c97ee03a52e21836e651189b9fef61ffaf9294f05fce5a65f3ec903ce597edf17472d742d44fa1eb9e58e5236724840a9760c09d49cb308a43560702a
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan