gozi_ifsb | 2a9fe2a5cd39f108cd286b797bcfa357751d1dc39f856004e096a85f08e1fe15 | Triage

Sharing

General

Target

racial.drc
Size

515KB
Sample

210602-qtq6g5mkqa
MD5

4d9a85efd85359c0173c23d836a5b6b3
SHA1

25d521862befa5f4865fa0971a7fd22f362fcb6b
SHA256

2a9fe2a5cd39f108cd286b797bcfa357751d1dc39f856004e096a85f08e1fe15
SHA512

830eb0fa00bb78a4716b07ffda30ab278901a3f2635f705eb3b9af3792bb45195fb559302323e348a489f56d7eba972b329aedbe0e45cde66d7a55feecd7c7a8

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  racial.drc
- Size
  
  515KB
- MD5
  
  4d9a85efd85359c0173c23d836a5b6b3
- SHA1
  
  25d521862befa5f4865fa0971a7fd22f362fcb6b
- SHA256
  
  2a9fe2a5cd39f108cd286b797bcfa357751d1dc39f856004e096a85f08e1fe15
- SHA512
  
  830eb0fa00bb78a4716b07ffda30ab278901a3f2635f705eb3b9af3792bb45195fb559302323e348a489f56d7eba972b329aedbe0e45cde66d7a55feecd7c7a8
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan