gozi_ifsb | 7d2d2b783767c912afd95995db9c019b2791eed1c812c90c266353ac372e1fa7 | Triage

Sharing

General

Target

c887b7b0ad16d35114d83e25f723f3c9.dll
Size

937KB
Sample

210528-drt9gm6ggn
MD5

c887b7b0ad16d35114d83e25f723f3c9
SHA1

9e9c1836ef0a0a4e089a643123d1ab77624d2e80
SHA256

7d2d2b783767c912afd95995db9c019b2791eed1c812c90c266353ac372e1fa7
SHA512

7456c2c6c9c39c01c56b316af9da8a19a376acac22cab4a10a473407d2681cec424e1d0eee17332aab8e4b73f53d9f5d06c4d198c2b26bb56c0a75927cd3b7c7

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  c887b7b0ad16d35114d83e25f723f3c9.dll
- Size
  
  937KB
- MD5
  
  c887b7b0ad16d35114d83e25f723f3c9
- SHA1
  
  9e9c1836ef0a0a4e089a643123d1ab77624d2e80
- SHA256
  
  7d2d2b783767c912afd95995db9c019b2791eed1c812c90c266353ac372e1fa7
- SHA512
  
  7456c2c6c9c39c01c56b316af9da8a19a376acac22cab4a10a473407d2681cec424e1d0eee17332aab8e4b73f53d9f5d06c4d198c2b26bb56c0a75927cd3b7c7
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan