gozi_ifsb | 20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7 | Triage

Sharing

General

Target

9d3a7a1f655bdc0714e010f31ad4c6cc.ttf
Size

374KB
Sample

210611-31pfd3glqe
MD5

9d3a7a1f655bdc0714e010f31ad4c6cc
SHA1

5115f00d59147a3113fab9402daeb34ffe71ae39
SHA256

20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7
SHA512

65a17e759ff8b47c01e24a0eec98c6d4bcea0001613c6214a3b1f015437f2998810aef349190fcaaf75cc692e8877c1fa3901b5d69838468c1cb416ee64c4b21

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  9d3a7a1f655bdc0714e010f31ad4c6cc.ttf
- Size
  
  374KB
- MD5
  
  9d3a7a1f655bdc0714e010f31ad4c6cc
- SHA1
  
  5115f00d59147a3113fab9402daeb34ffe71ae39
- SHA256
  
  20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7
- SHA512
  
  65a17e759ff8b47c01e24a0eec98c6d4bcea0001613c6214a3b1f015437f2998810aef349190fcaaf75cc692e8877c1fa3901b5d69838468c1cb416ee64c4b21
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan