gozi_ifsb | 0ec847dec15446cec4d80a76bd4eb7ea49033ae5dfc05a19500dae395e0e93fd | Triage

Sharing

General

Target

526b7faa3b330ec7390cfd501504e7ec.dll
Size

937KB
Sample

210524-9xye5pj72x
MD5

526b7faa3b330ec7390cfd501504e7ec
SHA1

864503c8df4e15c76cab6441ebe3ecee721ab0be
SHA256

0ec847dec15446cec4d80a76bd4eb7ea49033ae5dfc05a19500dae395e0e93fd
SHA512

7a093fbda59dd25eba951115d95a8328fe68aa6c647eb4ed7a054f76322783eb2c86cfaf1071ebe308e8aee39a4aded454b2ef4c5dbd0263723213347c8e485d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  526b7faa3b330ec7390cfd501504e7ec.dll
- Size
  
  937KB
- MD5
  
  526b7faa3b330ec7390cfd501504e7ec
- SHA1
  
  864503c8df4e15c76cab6441ebe3ecee721ab0be
- SHA256
  
  0ec847dec15446cec4d80a76bd4eb7ea49033ae5dfc05a19500dae395e0e93fd
- SHA512
  
  7a093fbda59dd25eba951115d95a8328fe68aa6c647eb4ed7a054f76322783eb2c86cfaf1071ebe308e8aee39a4aded454b2ef4c5dbd0263723213347c8e485d
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan