gozi_ifsb | 2ee0e0b21737b7f9ecc613be83b7ec84560d0770f794a819afe64f54b0e7743b | Triage

Sharing

General

Target

320192b545d3f45fd588b741c30fb2ec.dll
Size

937KB
Sample

210607-3xd2p3sst2
MD5

320192b545d3f45fd588b741c30fb2ec
SHA1

807433d7c1f8c7629ebcafd9d2c4e6797c82ce16
SHA256

2ee0e0b21737b7f9ecc613be83b7ec84560d0770f794a819afe64f54b0e7743b
SHA512

c95b2c2d1f7cdf5950db9bd655965cbacf3b8d383728db3786de404e68f70bec761dc6101ebbf6b0fc0252ec8626a8c5247cce4e5f378c6a63da648364b158c9

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  320192b545d3f45fd588b741c30fb2ec.dll
- Size
  
  937KB
- MD5
  
  320192b545d3f45fd588b741c30fb2ec
- SHA1
  
  807433d7c1f8c7629ebcafd9d2c4e6797c82ce16
- SHA256
  
  2ee0e0b21737b7f9ecc613be83b7ec84560d0770f794a819afe64f54b0e7743b
- SHA512
  
  c95b2c2d1f7cdf5950db9bd655965cbacf3b8d383728db3786de404e68f70bec761dc6101ebbf6b0fc0252ec8626a8c5247cce4e5f378c6a63da648364b158c9
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan