gozi_ifsb | df68cfc319e0788358d0d843faefddfb9103d8010696d729c64b6c2051520b24 | Triage

Sharing

General

Target

foo.exe
Size

937KB
Sample

210607-c9q98w9x1x
MD5

69472b10d51de57775b06fdd0ea739b8
SHA1

04f880281e8f9882d1bad06d0882e70d3b126f1a
SHA256

df68cfc319e0788358d0d843faefddfb9103d8010696d729c64b6c2051520b24
SHA512

54e8824c99a3eef1379672a2ddc6ab007a79e69d24ad5e05551c1698b24256265f7cf76b04812ae005ab6562b30b85ed88b5bfbf105ff8d3215e33c6b0487681

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  foo.exe
- Size
  
  937KB
- MD5
  
  69472b10d51de57775b06fdd0ea739b8
- SHA1
  
  04f880281e8f9882d1bad06d0882e70d3b126f1a
- SHA256
  
  df68cfc319e0788358d0d843faefddfb9103d8010696d729c64b6c2051520b24
- SHA512
  
  54e8824c99a3eef1379672a2ddc6ab007a79e69d24ad5e05551c1698b24256265f7cf76b04812ae005ab6562b30b85ed88b5bfbf105ff8d3215e33c6b0487681
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan