gozi_ifsb | 49d253dfbd7c2257c1c2f2d703e94df19aaaa68c9d77abea2a6f4b9c12996a41 | Triage

Sharing

General

Target

093da571ba1e30c1491752f8e857f211.dll
Size

937KB
Sample

210526-75c1yrwmsn
MD5

093da571ba1e30c1491752f8e857f211
SHA1

cf66bc89ff8de954ee6ef1a4b802bea5a44933be
SHA256

49d253dfbd7c2257c1c2f2d703e94df19aaaa68c9d77abea2a6f4b9c12996a41
SHA512

e3845002c4339091e2ed29473fd8d9039b8513ee6d973beb23c0b0018768c45495bcd35ebd415851fe630aa60bf879fd3b00c0e778992dd84f5bc52feb939403

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  093da571ba1e30c1491752f8e857f211.dll
- Size
  
  937KB
- MD5
  
  093da571ba1e30c1491752f8e857f211
- SHA1
  
  cf66bc89ff8de954ee6ef1a4b802bea5a44933be
- SHA256
  
  49d253dfbd7c2257c1c2f2d703e94df19aaaa68c9d77abea2a6f4b9c12996a41
- SHA512
  
  e3845002c4339091e2ed29473fd8d9039b8513ee6d973beb23c0b0018768c45495bcd35ebd415851fe630aa60bf879fd3b00c0e778992dd84f5bc52feb939403
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan