gozi_ifsb | d3f3b917bd553cfee2c1fe6e5c466f39b99187063136d6b031a4e0c8b946f3bb | Triage

Sharing

General

Target

presentation.dll
Size

937KB
Sample

210526-wfznkfa28x
MD5

db26faded1059934c2d9895dd199bd0b
SHA1

07b09d0c67206178b72b8d18eb09cc0fa4552040
SHA256

d3f3b917bd553cfee2c1fe6e5c466f39b99187063136d6b031a4e0c8b946f3bb
SHA512

f47ef983168e855868ef32e3fc41e745f54fcdcd34ef76ff4b4127824bbd02ae5d5f6acd2eab120ea1b1a94aaaca2bf18ec0cc0b23f7fef9ade29b2ce7b4afeb

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  presentation.dll
- Size
  
  937KB
- MD5
  
  db26faded1059934c2d9895dd199bd0b
- SHA1
  
  07b09d0c67206178b72b8d18eb09cc0fa4552040
- SHA256
  
  d3f3b917bd553cfee2c1fe6e5c466f39b99187063136d6b031a4e0c8b946f3bb
- SHA512
  
  f47ef983168e855868ef32e3fc41e745f54fcdcd34ef76ff4b4127824bbd02ae5d5f6acd2eab120ea1b1a94aaaca2bf18ec0cc0b23f7fef9ade29b2ce7b4afeb
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan