gozi_ifsb | f4a464c2e5f14cd4c391a9b5ba60deca36ccaa6c1503a097eeb0c5070945d1fb | Triage

Sharing

General

Target

shorefront.eps
Size

384KB
Sample

210603-98bdpq79sj
MD5

b3526bc3c4a61f9f09ac31ee9a5fc8a5
SHA1

d92ac3fa9cca4ed8273111f767e24d8f53896787
SHA256

f4a464c2e5f14cd4c391a9b5ba60deca36ccaa6c1503a097eeb0c5070945d1fb
SHA512

0583e811619ea1ce40c430436e91b8b216fc509e7c75ed7132fdccc9f52f1828f50dbca6cd4b973090962fe6e8b76e298b0fe43b56ea2485810d4dc52e033fdb

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  shorefront.eps
- Size
  
  384KB
- MD5
  
  b3526bc3c4a61f9f09ac31ee9a5fc8a5
- SHA1
  
  d92ac3fa9cca4ed8273111f767e24d8f53896787
- SHA256
  
  f4a464c2e5f14cd4c391a9b5ba60deca36ccaa6c1503a097eeb0c5070945d1fb
- SHA512
  
  0583e811619ea1ce40c430436e91b8b216fc509e7c75ed7132fdccc9f52f1828f50dbca6cd4b973090962fe6e8b76e298b0fe43b56ea2485810d4dc52e033fdb
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan