gozi_ifsb | 193ef37f54910bc1ca5561aaf15a81d69d53eaf225fa2cafa48323f14e6436ea | Triage

Sharing

General

Target

racial.drc
Size

515KB
Sample

210603-21y1568mk2
MD5

c7bf06db097c752b00826afb65402278
SHA1

6a8f4f0428b01bf9eb2fa946875f0dee7041f2cb
SHA256

193ef37f54910bc1ca5561aaf15a81d69d53eaf225fa2cafa48323f14e6436ea
SHA512

ebc6d6a4e30c3616ca02835ac2e21ca018307f4908da579ac4d868b2461260c50cd6213d2091226c18ddc4cc33a9c90ded2e910380f7b6d20013b84c3a0e6449

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  racial.drc
- Size
  
  515KB
- MD5
  
  c7bf06db097c752b00826afb65402278
- SHA1
  
  6a8f4f0428b01bf9eb2fa946875f0dee7041f2cb
- SHA256
  
  193ef37f54910bc1ca5561aaf15a81d69d53eaf225fa2cafa48323f14e6436ea
- SHA512
  
  ebc6d6a4e30c3616ca02835ac2e21ca018307f4908da579ac4d868b2461260c50cd6213d2091226c18ddc4cc33a9c90ded2e910380f7b6d20013b84c3a0e6449
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozi_ifsb1500bankertrojan