gozi_ifsb | 603092da3b96d21dc0c4dcffd545fc27fce9c4a1afc8040a8a41a5e139817ea4 | Triage

Sharing

General

Target

339f3c74c70ecad94a1ed77ed695e0e184f4547be4d528c80d37ea7573c4bde0.zip
Size

553KB
Sample

210613-5l1mx52pvj
MD5

498f101d4c10dc9d515585187c25043c
SHA1

6d39c776c0d014f22def6ac1fd7f4c7ca3f83914
SHA256

603092da3b96d21dc0c4dcffd545fc27fce9c4a1afc8040a8a41a5e139817ea4
SHA512

2a0ed9ac455c0ddb628e0ecacbcf900f86a1b17178410532f7577111b013e066ebe837ddc65243ce94a785b6a82676c26bae2ab3cbc3bf2e60a3e6a00f30243f

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  339f3c74c70ecad94a1ed77ed695e0e184f4547be4d528c80d37ea7573c4bde0.dll
- Size
  
  937KB
- MD5
  
  941ccb3a8c0e865c06cc8a6aa29e1bc6
- SHA1
  
  454885f5d511ecd33f93cb96e3afbc2c01f37f22
- SHA256
  
  339f3c74c70ecad94a1ed77ed695e0e184f4547be4d528c80d37ea7573c4bde0
- SHA512
  
  ace5f70b832d8cf164eafdbf2193b471345d04b621d23faadb11ca1b0e33648b9df89becfe7c0be54aa3e6f88e6d6e8dd9efc8e44d9c96eee542e33ec493f60c
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan