gozi_ifsb | 442fdd74d9c1689153b46e6f7da919471461da326911df19e2fa42dd2f43e254 | Triage

Sharing

General

Target

1.css
Size

424KB
Sample

210603-djtxv4xev2
MD5

4732648abe7049072850a16f3e6bbe38
SHA1

52cb2e88e951f2576d53104d88adc47e33bca8e3
SHA256

442fdd74d9c1689153b46e6f7da919471461da326911df19e2fa42dd2f43e254
SHA512

a68ab9dc8b8eb166bc6dd1b2144a82444cd316eb3fabcc344f60d593920c557b1ff1fcb692d6e348075c11f8bee199a745c3f2a732adeea0a85d953e2a3bc05d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  1.css
- Size
  
  424KB
- MD5
  
  4732648abe7049072850a16f3e6bbe38
- SHA1
  
  52cb2e88e951f2576d53104d88adc47e33bca8e3
- SHA256
  
  442fdd74d9c1689153b46e6f7da919471461da326911df19e2fa42dd2f43e254
- SHA512
  
  a68ab9dc8b8eb166bc6dd1b2144a82444cd316eb3fabcc344f60d593920c557b1ff1fcb692d6e348075c11f8bee199a745c3f2a732adeea0a85d953e2a3bc05d
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozi_ifsb4500bankertrojan