gozi_ifsb | 9cf96531ac589e5947c69554c9ea7f7ab2a7cd8037512754acf97d4a40f911b8 | Triage

Sharing

General

Target

crisp.css
Size

424KB
Sample

210603-x3lzvwvh46
MD5

b3eef2ceda386411f18232690dd0f973
SHA1

d524a9bc2b4f1c17b312d3fe71d752a0a52e318e
SHA256

9cf96531ac589e5947c69554c9ea7f7ab2a7cd8037512754acf97d4a40f911b8
SHA512

59e7783f2d849fded2712e8ff5ca64da086220232f54492cce544413df6443d16735e148dff8a4b13e3e7a63ac9657cf228ee7a756f6aadd2525d0f912c8eac3

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  crisp.css
- Size
  
  424KB
- MD5
  
  b3eef2ceda386411f18232690dd0f973
- SHA1
  
  d524a9bc2b4f1c17b312d3fe71d752a0a52e318e
- SHA256
  
  9cf96531ac589e5947c69554c9ea7f7ab2a7cd8037512754acf97d4a40f911b8
- SHA512
  
  59e7783f2d849fded2712e8ff5ca64da086220232f54492cce544413df6443d16735e148dff8a4b13e3e7a63ac9657cf228ee7a756f6aadd2525d0f912c8eac3
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozi_ifsb4500bankertrojan