gozi_ifsb | 89816b893e66ff5eb9a42c14a2223e451e178c944438365ccecc9a8d1d64e6e8 | Triage

Submit
Reports

Overview

overview

Static

static

8

ordain.06.21.2021.doc

windows7_x64

ordain.06.21.2021.doc

windows10_x64

Resubmissions

15-09-2021 08:02

210915-jxlq9sdcap 10

21-06-2021 14:09

210621-9vqvyrxbas 10

Sharing

General

Target

ordain.06.21.2021.doc
Size

49KB
Sample

210621-9vqvyrxbas
MD5

13731c9cb360c300137bcb1779267f41
SHA1

cf816dc25baf65c92550452e3abe7f871af7f55a
SHA256

89816b893e66ff5eb9a42c14a2223e451e178c944438365ccecc9a8d1d64e6e8
SHA512

819e65feef603801ef28fd17a986085df277e5cb36c701a2471c00a4714ce51e376f4644ff9c264222bd35ec7192d4f62675673570a8633e330d337b921c1756

Score

10^/10

gozi_ifsb 6000 banker macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

ordain.06.21.2021.doc

Resource

win7v20210408

gozi_ifsb 6000 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ordain.06.21.2021.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  ordain.06.21.2021.doc
- Size
  
  49KB
- MD5
  
  13731c9cb360c300137bcb1779267f41
- SHA1
  
  cf816dc25baf65c92550452e3abe7f871af7f55a
- SHA256
  
  89816b893e66ff5eb9a42c14a2223e451e178c944438365ccecc9a8d1d64e6e8
- SHA512
  
  819e65feef603801ef28fd17a986085df277e5cb36c701a2471c00a4714ce51e376f4644ff9c264222bd35ec7192d4f62675673570a8633e330d337b921c1756
Score

10^/10

gozi_ifsb 6000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb6000bankertrojan

behavioral2

© 2018-2024

Terms | Privacy