gozi_ifsb | e53caa0529020312a9092b409c2a38d6ddf0c3d2786832a514657ca617df770f | Triage

Sharing

General

Target

60b49bdd63509.dll
Size

368KB
Sample

210531-hv3bhxjgz6
MD5

3896aee936d55d53efa5e0d1c2ab817d
SHA1

589e3e955c870821277c7f2ea9f60bc37bbb7825
SHA256

e53caa0529020312a9092b409c2a38d6ddf0c3d2786832a514657ca617df770f
SHA512

2e4873a845f1184aae7eec138e3c5fa41cfccf809ba6c3367f8af059189fcd5b416c36761764583fdc5b2f7310475705d863dab8b31474d28264234a3f72fa93

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

roudinoden.club

cloudinoren.club

Attributes

build
250196
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  60b49bdd63509.dll
- Size
  
  368KB
- MD5
  
  3896aee936d55d53efa5e0d1c2ab817d
- SHA1
  
  589e3e955c870821277c7f2ea9f60bc37bbb7825
- SHA256
  
  e53caa0529020312a9092b409c2a38d6ddf0c3d2786832a514657ca617df770f
- SHA512
  
  2e4873a845f1184aae7eec138e3c5fa41cfccf809ba6c3367f8af059189fcd5b416c36761764583fdc5b2f7310475705d863dab8b31474d28264234a3f72fa93
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan