gozi_ifsb | b92289a53611d6f8c078e931c3c5c6ce577e05358bdf54389830e962090991b7 | Triage

Sharing

General

Target

d5c0bac78e53b46b2fff5e470e98210c.dll
Size

937KB
Sample

210611-3k31graajs
MD5

d5c0bac78e53b46b2fff5e470e98210c
SHA1

a00da4d379748f9e6f2de1006f10156aa8c36f39
SHA256

b92289a53611d6f8c078e931c3c5c6ce577e05358bdf54389830e962090991b7
SHA512

72a62feabaa7d94f02efe56a735f5ce6898a2c1f78d996b516deac89510feb353b105efc4662cb64ab1adf93a89d762679e7e53e2ccc59cc31d8d93e313b86ca

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  d5c0bac78e53b46b2fff5e470e98210c.dll
- Size
  
  937KB
- MD5
  
  d5c0bac78e53b46b2fff5e470e98210c
- SHA1
  
  a00da4d379748f9e6f2de1006f10156aa8c36f39
- SHA256
  
  b92289a53611d6f8c078e931c3c5c6ce577e05358bdf54389830e962090991b7
- SHA512
  
  72a62feabaa7d94f02efe56a735f5ce6898a2c1f78d996b516deac89510feb353b105efc4662cb64ab1adf93a89d762679e7e53e2ccc59cc31d8d93e313b86ca
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan