gozi_ifsb | 98c29d3c1c76a00271ba5f2cf65106eb0870cf466e57954726143e293134971e | Triage

Sharing

General

Target

e0ebdc2043f61719c22ab6de883ff842.dll
Size

937KB
Sample

210526-6ffxgbpd1n
MD5

e0ebdc2043f61719c22ab6de883ff842
SHA1

7b42580d8cccb48996b2181d80c52971036221fa
SHA256

98c29d3c1c76a00271ba5f2cf65106eb0870cf466e57954726143e293134971e
SHA512

a922ff41fef15f2a2c1e6c84b055cacca7624a29146f324384cbc9cf7aa828d64b015ffc808659b1962202cdd6193e7499166d0a7e99af904787c0a2fb65a38d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  e0ebdc2043f61719c22ab6de883ff842.dll
- Size
  
  937KB
- MD5
  
  e0ebdc2043f61719c22ab6de883ff842
- SHA1
  
  7b42580d8cccb48996b2181d80c52971036221fa
- SHA256
  
  98c29d3c1c76a00271ba5f2cf65106eb0870cf466e57954726143e293134971e
- SHA512
  
  a922ff41fef15f2a2c1e6c84b055cacca7624a29146f324384cbc9cf7aa828d64b015ffc808659b1962202cdd6193e7499166d0a7e99af904787c0a2fb65a38d
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan