gozi_ifsb | 3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735 | Triage

Sharing

General

Target

Selkirk.ttf
Size

374KB
Sample

210614-j5vg4zgt2j
MD5

81127b25e86fc1c34d4b3c234bbb7650
SHA1

97e8acc57e840ccc2a5caec350b69560f9d64abe
SHA256

3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
SHA512

c2dcf05d65baaab85309d912dbfe01193a99ab0ac6a06ab361edab95a2dc246e56dc782e7c5235a541b8dea62a1b9c86f6211a0a7e6b6a2d197066d010d02d3d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  Selkirk.ttf
- Size
  
  374KB
- MD5
  
  81127b25e86fc1c34d4b3c234bbb7650
- SHA1
  
  97e8acc57e840ccc2a5caec350b69560f9d64abe
- SHA256
  
  3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
- SHA512
  
  c2dcf05d65baaab85309d912dbfe01193a99ab0ac6a06ab361edab95a2dc246e56dc782e7c5235a541b8dea62a1b9c86f6211a0a7e6b6a2d197066d010d02d3d
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan