gozi_ifsb | d5a501f4cc25f94df7c0b7546a1eba7798ce4d28f4052332429d52329e8f34dc | Triage

Sharing

General

Target

shook.vob
Size

626KB
Sample

210602-n4qpamyd9j
MD5

9b080472af7585ae77e5185ae6af924d
SHA1

b094c1d5762533cf28ddca5248c5fc6ec2bcdea7
SHA256

d5a501f4cc25f94df7c0b7546a1eba7798ce4d28f4052332429d52329e8f34dc
SHA512

537efc90367d0350765f047dbe300899e1c6d632b346faff6dafa75c744b52cc166ab5742e6b5c001a23fd7ebf7f5cd7b088b1ae7785807e8631d7a3b0daabfd

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  shook.vob
- Size
  
  626KB
- MD5
  
  9b080472af7585ae77e5185ae6af924d
- SHA1
  
  b094c1d5762533cf28ddca5248c5fc6ec2bcdea7
- SHA256
  
  d5a501f4cc25f94df7c0b7546a1eba7798ce4d28f4052332429d52329e8f34dc
- SHA512
  
  537efc90367d0350765f047dbe300899e1c6d632b346faff6dafa75c744b52cc166ab5742e6b5c001a23fd7ebf7f5cd7b088b1ae7785807e8631d7a3b0daabfd
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan