gozi_ifsb | cbbc3dfcd7d4efcd01a21cfca2776eb495a9b0f515e6f8096d6f470e8e2c8fb2 | Triage

Sharing

General

Target

racial.drc
Size

515KB
Sample

210603-7ckay8vkc2
MD5

9aefd3ea1f73601ab7765412d70920b2
SHA1

8048307abababa4d8489b03194ddf06cb7f877ab
SHA256

cbbc3dfcd7d4efcd01a21cfca2776eb495a9b0f515e6f8096d6f470e8e2c8fb2
SHA512

6e50cda4075f0ed0225df5b322c09a388bf6f5077c0305b791fd74a1a4edcd32d9dfe3c2e4c320ec736279e6d2513127c2ccaf78b4bf88ab5d461204ef2f7082

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  racial.drc
- Size
  
  515KB
- MD5
  
  9aefd3ea1f73601ab7765412d70920b2
- SHA1
  
  8048307abababa4d8489b03194ddf06cb7f877ab
- SHA256
  
  cbbc3dfcd7d4efcd01a21cfca2776eb495a9b0f515e6f8096d6f470e8e2c8fb2
- SHA512
  
  6e50cda4075f0ed0225df5b322c09a388bf6f5077c0305b791fd74a1a4edcd32d9dfe3c2e4c320ec736279e6d2513127c2ccaf78b4bf88ab5d461204ef2f7082
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan