gozi_ifsb | 31f3e3dff9f4a1c67b4358b3dea34a4c1ad3ad98f5d58006071ec82543d7ed08 | Triage

Sharing

General

Target

e8a3c694fc39f2fc11cc98a039092d9c.dll
Size

937KB
Sample

210524-6q8hht9xj6
MD5

e8a3c694fc39f2fc11cc98a039092d9c
SHA1

5a997bcf52469b57823d7aa171a2d6debc70800b
SHA256

31f3e3dff9f4a1c67b4358b3dea34a4c1ad3ad98f5d58006071ec82543d7ed08
SHA512

ec1a1c3991c3b9c9b923b9ce1799fdf6bcff5e0e7c64fcff95892f001b4cac244eaf1fe84410e418f7dafce301fe08df9f95af1b88d01576e51fc7e438feea47

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  e8a3c694fc39f2fc11cc98a039092d9c.dll
- Size
  
  937KB
- MD5
  
  e8a3c694fc39f2fc11cc98a039092d9c
- SHA1
  
  5a997bcf52469b57823d7aa171a2d6debc70800b
- SHA256
  
  31f3e3dff9f4a1c67b4358b3dea34a4c1ad3ad98f5d58006071ec82543d7ed08
- SHA512
  
  ec1a1c3991c3b9c9b923b9ce1799fdf6bcff5e0e7c64fcff95892f001b4cac244eaf1fe84410e418f7dafce301fe08df9f95af1b88d01576e51fc7e438feea47
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan