gozi_ifsb | b6d47431005c53645b469aaae5c0531bca27e9d11d014755193aa74c3f228ae8 | Triage

Sharing

General

Target

shook.vob
Size

626KB
Sample

210603-hgdrbpxhk6
MD5

ecc4e73f710d096fa7fd8573a999883f
SHA1

6b17f6e11503689592ee647f27a4e3b889156c11
SHA256

b6d47431005c53645b469aaae5c0531bca27e9d11d014755193aa74c3f228ae8
SHA512

c4429c7e80c8454c92a3f1df8d79f547d70c4a1a57ae29c39800dbad3451edd27408c5a6a996623694d909e782fc2f730900e62e57f912be4df7cc9d5a0d6765

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  shook.vob
- Size
  
  626KB
- MD5
  
  ecc4e73f710d096fa7fd8573a999883f
- SHA1
  
  6b17f6e11503689592ee647f27a4e3b889156c11
- SHA256
  
  b6d47431005c53645b469aaae5c0531bca27e9d11d014755193aa74c3f228ae8
- SHA512
  
  c4429c7e80c8454c92a3f1df8d79f547d70c4a1a57ae29c39800dbad3451edd27408c5a6a996623694d909e782fc2f730900e62e57f912be4df7cc9d5a0d6765
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan