gozi_ifsb | 9c3557c82143354e46734497c9237af055f29f8335460e26867e2662ca38926c | Triage

Submit
Reports

Overview

overview

Static

static

8

legal pape...21.doc

windows7_x64

legal pape...21.doc

windows10_x64

Sharing

General

Target

legal paper-06.18.2021.doc
Size

45KB
Sample

210618-8kq2hf4l36
MD5

431c63dfcdbee4be13b948b6340382ce
SHA1

f60de0bd4c89c99fc385f72636f50135387a3121
SHA256

9c3557c82143354e46734497c9237af055f29f8335460e26867e2662ca38926c
SHA512

f6471d7b7393dd2b5febbdde0b0ae4bf86fa3418afcb7443e906e0ca717d8700cbb86fcc0995cdd8667a87f349706f02956f1906033a3fe68644eced092f5b41

Score

10^/10

gozi_ifsb 6000 banker macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

legal paper-06.18.2021.doc

Resource

win7v20210410

gozi_ifsb 6000 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

legal paper-06.18.2021.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  legal paper-06.18.2021.doc
- Size
  
  45KB
- MD5
  
  431c63dfcdbee4be13b948b6340382ce
- SHA1
  
  f60de0bd4c89c99fc385f72636f50135387a3121
- SHA256
  
  9c3557c82143354e46734497c9237af055f29f8335460e26867e2662ca38926c
- SHA512
  
  f6471d7b7393dd2b5febbdde0b0ae4bf86fa3418afcb7443e906e0ca717d8700cbb86fcc0995cdd8667a87f349706f02956f1906033a3fe68644eced092f5b41
Score

10^/10

gozi_ifsb 6000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb6000bankertrojan

behavioral2

© 2018-2024

Terms | Privacy