gozi_ifsb | f7fe2c3969d0e34e88cee07fc7623b9e7aa0cd30231e7e2ddea6b9b967fe7702 | Triage

Sharing

General

Target

racial.drc
Size

515KB
Sample

210603-zt1hdkyg3x
MD5

efb92925b144840e5a35d2807b42b09b
SHA1

50c4b3a4f3eb4ddac6de2773ce91b39e74492ed2
SHA256

f7fe2c3969d0e34e88cee07fc7623b9e7aa0cd30231e7e2ddea6b9b967fe7702
SHA512

cee4ba51677841ab63d47c616920266d9d5f72a03293835b7a2449d692d99fc5a69299478e975fa626b6e381bf70d7b3e30c843e05da157761322155ccbc4991

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  racial.drc
- Size
  
  515KB
- MD5
  
  efb92925b144840e5a35d2807b42b09b
- SHA1
  
  50c4b3a4f3eb4ddac6de2773ce91b39e74492ed2
- SHA256
  
  f7fe2c3969d0e34e88cee07fc7623b9e7aa0cd30231e7e2ddea6b9b967fe7702
- SHA512
  
  cee4ba51677841ab63d47c616920266d9d5f72a03293835b7a2449d692d99fc5a69299478e975fa626b6e381bf70d7b3e30c843e05da157761322155ccbc4991
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan