gozi_ifsb | e3bb271a901c491f3154a36e14bea0c9feda8d847425a1f1fe23e176f79460e5 | Triage

Sharing

General

Target

cc1c967671cc2cc3af6bd11abf613b0d.dll
Size

937KB
Sample

210523-tgdxkqcx7a
MD5

cc1c967671cc2cc3af6bd11abf613b0d
SHA1

381063253c14932de8dbac004c80b78c6b4aa0d0
SHA256

e3bb271a901c491f3154a36e14bea0c9feda8d847425a1f1fe23e176f79460e5
SHA512

63b2b8d5aeb274441ae23e84e01cd6bc64f46776eb633bf98cfea99a43053161dbf29fe84911141ec862172a996f5746d3595acf6ec8e1f9bd57156bc31243ea

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  cc1c967671cc2cc3af6bd11abf613b0d.dll
- Size
  
  937KB
- MD5
  
  cc1c967671cc2cc3af6bd11abf613b0d
- SHA1
  
  381063253c14932de8dbac004c80b78c6b4aa0d0
- SHA256
  
  e3bb271a901c491f3154a36e14bea0c9feda8d847425a1f1fe23e176f79460e5
- SHA512
  
  63b2b8d5aeb274441ae23e84e01cd6bc64f46776eb633bf98cfea99a43053161dbf29fe84911141ec862172a996f5746d3595acf6ec8e1f9bd57156bc31243ea
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan