gozi_ifsb | e1241c08f206c0874f1ce8ce896f6eec7c44eaca16b0f84c14f1b16571b3feef | Triage

Sharing

General

Target

4fe0db5ea9c73bc364eed17a125e1ea7.dll
Size

937KB
Sample

210526-kgqwdfllx6
MD5

4fe0db5ea9c73bc364eed17a125e1ea7
SHA1

63901d57da65f74a1ca0287f50b19784cd90b903
SHA256

e1241c08f206c0874f1ce8ce896f6eec7c44eaca16b0f84c14f1b16571b3feef
SHA512

6c106d2212f48f9f36b1aa9dc1ec38e7739d43d20d5d5444cb664d5937c55f2be8a6e8447354cc23135f7631b80e6b9cd19d6f767ebd55e78478d1ea9a3dd585

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  4fe0db5ea9c73bc364eed17a125e1ea7.dll
- Size
  
  937KB
- MD5
  
  4fe0db5ea9c73bc364eed17a125e1ea7
- SHA1
  
  63901d57da65f74a1ca0287f50b19784cd90b903
- SHA256
  
  e1241c08f206c0874f1ce8ce896f6eec7c44eaca16b0f84c14f1b16571b3feef
- SHA512
  
  6c106d2212f48f9f36b1aa9dc1ec38e7739d43d20d5d5444cb664d5937c55f2be8a6e8447354cc23135f7631b80e6b9cd19d6f767ebd55e78478d1ea9a3dd585
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan