gozi_ifsb | d4d0bb44895c035a39afd7fab48f879e058f1cdc00db0666ebb08463cece2e51 | Triage

Sharing

General

Target

shook.vob
Size

626KB
Sample

210603-4w3vqnp26j
MD5

11dbf3457def6dece6fcb7564d957951
SHA1

d3f497dae6407e80f23340b990416abb5e15b748
SHA256

d4d0bb44895c035a39afd7fab48f879e058f1cdc00db0666ebb08463cece2e51
SHA512

2064b17bc479f91c26066edcd1f72f5911aded166d22e757df758c0937522baf2ab058d3e08598003c429ca6b5885f94c1bcb249c15bb9b58b8ad8ec30c8660f

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  shook.vob
- Size
  
  626KB
- MD5
  
  11dbf3457def6dece6fcb7564d957951
- SHA1
  
  d3f497dae6407e80f23340b990416abb5e15b748
- SHA256
  
  d4d0bb44895c035a39afd7fab48f879e058f1cdc00db0666ebb08463cece2e51
- SHA512
  
  2064b17bc479f91c26066edcd1f72f5911aded166d22e757df758c0937522baf2ab058d3e08598003c429ca6b5885f94c1bcb249c15bb9b58b8ad8ec30c8660f
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan