gozi_ifsb | 8f92de808d26003355c0d9832c5a3dba3e337acae4935ccd7a37012aea681ca3 | Triage

Sharing

General

Target

xadar5
Size

599KB
Sample

210610-cj1l8acsyx
MD5

f65de6de03df304fa06f6908011f2713
SHA1

6bc18631dd4f9dac4af8e95b81a0d06aab636059
SHA256

8f92de808d26003355c0d9832c5a3dba3e337acae4935ccd7a37012aea681ca3
SHA512

56c9ce50c57c3419c046b6a928549c0f1c749eb3970eafa29e21a22cbbc477ad2138db0f1eb4e87e2a2d4c246b909e9ac8f4b4ec1604ef70a47b1bd84b1e578c

Score

10^/10

gozi_ifsb 6000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  xadar5
- Size
  
  599KB
- MD5
  
  f65de6de03df304fa06f6908011f2713
- SHA1
  
  6bc18631dd4f9dac4af8e95b81a0d06aab636059
- SHA256
  
  8f92de808d26003355c0d9832c5a3dba3e337acae4935ccd7a37012aea681ca3
- SHA512
  
  56c9ce50c57c3419c046b6a928549c0f1c749eb3970eafa29e21a22cbbc477ad2138db0f1eb4e87e2a2d4c246b909e9ac8f4b4ec1604ef70a47b1bd84b1e578c
Score

10^/10

gozi_ifsb 6000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb6000bankertrojan

behavioral2

gozi_ifsb6000bankertrojan