gozi_ifsb | eb0331d59dcc188740e4dec6d463a8947caeebb215560bf885d781213389d55a | Triage

Sharing

General

Target

2bb413e89a992af0ef05cade160409ff.dll
Size

937KB
Sample

210524-vs2yyxwpga
MD5

2bb413e89a992af0ef05cade160409ff
SHA1

2a0dacba68042ac60ec492ca1cf1788d1ae06f72
SHA256

eb0331d59dcc188740e4dec6d463a8947caeebb215560bf885d781213389d55a
SHA512

d9060fae3b6f6f69911c9e485aee30f13c278e0b379d5ff7fb4739ceb65f54e93a5941352d708ded5ea7f4e6d72856d4bbab489cc7cefed78bac598926c63c78

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  2bb413e89a992af0ef05cade160409ff.dll
- Size
  
  937KB
- MD5
  
  2bb413e89a992af0ef05cade160409ff
- SHA1
  
  2a0dacba68042ac60ec492ca1cf1788d1ae06f72
- SHA256
  
  eb0331d59dcc188740e4dec6d463a8947caeebb215560bf885d781213389d55a
- SHA512
  
  d9060fae3b6f6f69911c9e485aee30f13c278e0b379d5ff7fb4739ceb65f54e93a5941352d708ded5ea7f4e6d72856d4bbab489cc7cefed78bac598926c63c78
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan