gozi_ifsb | aafda6138e0a43b153cc003b11f3e5fa8bf9e929d2356ec536b931a0ce983aa1 | Triage

Sharing

General

Target

aafda6138e0a43b153cc003b11f3e5fa8bf9e929d2356ec536b931a0ce983aa1
Size

834KB
Sample

210608-ag88be4ghn
MD5

b8bc8b1740b329ff2baf16bcee6ca23d
SHA1

d9215e03d2ddae00041a4ddd731872025b3ce537
SHA256

aafda6138e0a43b153cc003b11f3e5fa8bf9e929d2356ec536b931a0ce983aa1
SHA512

526cee6275372aaa9a34e51a42e607e940b2c0652b45aa3acf5a2b92b8cda6dc1c117d891d64fc93e013869e8244615b7d5d76c2c9c89b02920a11d97a4ed4af

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  aafda6138e0a43b153cc003b11f3e5fa8bf9e929d2356ec536b931a0ce983aa1
- Size
  
  834KB
- MD5
  
  b8bc8b1740b329ff2baf16bcee6ca23d
- SHA1
  
  d9215e03d2ddae00041a4ddd731872025b3ce537
- SHA256
  
  aafda6138e0a43b153cc003b11f3e5fa8bf9e929d2356ec536b931a0ce983aa1
- SHA512
  
  526cee6275372aaa9a34e51a42e607e940b2c0652b45aa3acf5a2b92b8cda6dc1c117d891d64fc93e013869e8244615b7d5d76c2c9c89b02920a11d97a4ed4af
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2

gozi_ifsb5500bankertrojan