gozi_ifsb | 0ec847dec15446cec4d80a76bd4eb7ea49033ae5dfc05a19500dae395e0e93fd | Triage

Resubmissions

24-05-2021 16:20

210524-h5smzj86nn 10

24-05-2021 06:39

210524-etna91kdaj 10

Sharing

General

Target

526b7faa3b330ec7390cfd501504e7ec.dll
Size

937KB
Sample

210524-h5smzj86nn
MD5

526b7faa3b330ec7390cfd501504e7ec
SHA1

864503c8df4e15c76cab6441ebe3ecee721ab0be
SHA256

0ec847dec15446cec4d80a76bd4eb7ea49033ae5dfc05a19500dae395e0e93fd
SHA512

7a093fbda59dd25eba951115d95a8328fe68aa6c647eb4ed7a054f76322783eb2c86cfaf1071ebe308e8aee39a4aded454b2ef4c5dbd0263723213347c8e485d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  526b7faa3b330ec7390cfd501504e7ec.dll
- Size
  
  937KB
- MD5
  
  526b7faa3b330ec7390cfd501504e7ec
- SHA1
  
  864503c8df4e15c76cab6441ebe3ecee721ab0be
- SHA256
  
  0ec847dec15446cec4d80a76bd4eb7ea49033ae5dfc05a19500dae395e0e93fd
- SHA512
  
  7a093fbda59dd25eba951115d95a8328fe68aa6c647eb4ed7a054f76322783eb2c86cfaf1071ebe308e8aee39a4aded454b2ef4c5dbd0263723213347c8e485d
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gozi_ifsb4500bankertrojan