gozi_ifsb | 86c9ed4ba9d0cb2127c38667dc7f4ec2a071649fa2f205dbc69a3ba855ec4a1a | Triage

Sharing

General

Target

f042b85a514165c73ba938bc4e96bde2.dll
Size

937KB
Sample

210523-t1vcyvjcrx
MD5

f042b85a514165c73ba938bc4e96bde2
SHA1

76b6917c0151321e12f31ca16c61145a0b91252e
SHA256

86c9ed4ba9d0cb2127c38667dc7f4ec2a071649fa2f205dbc69a3ba855ec4a1a
SHA512

541e36f20c9bd2be6ade8c8c10507c2b8c509c0959ddd2c32c075905d3a216271cc81f9de8ad8bcec1beefe5303c6fc6051ae0d5c4baab3f9c68035665c7cca9

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  f042b85a514165c73ba938bc4e96bde2.dll
- Size
  
  937KB
- MD5
  
  f042b85a514165c73ba938bc4e96bde2
- SHA1
  
  76b6917c0151321e12f31ca16c61145a0b91252e
- SHA256
  
  86c9ed4ba9d0cb2127c38667dc7f4ec2a071649fa2f205dbc69a3ba855ec4a1a
- SHA512
  
  541e36f20c9bd2be6ade8c8c10507c2b8c509c0959ddd2c32c075905d3a216271cc81f9de8ad8bcec1beefe5303c6fc6051ae0d5c4baab3f9c68035665c7cca9
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan