gozi_ifsb | 95ee30fe8d98ca42ee90db02ea80480154fd5f7c1464983451bbdb699a11ff1b | Triage

Sharing

General

Target

f6e62cb32013aacca6d75ace2754ea2e.dll
Size

937KB
Sample

210621-jfm4sb3e3j
MD5

f6e62cb32013aacca6d75ace2754ea2e
SHA1

652c8017fad54c46c6b0a34c3e9b694dd868e81d
SHA256

95ee30fe8d98ca42ee90db02ea80480154fd5f7c1464983451bbdb699a11ff1b
SHA512

63be1be676acd89279260dba66d244c3d774414cb96531eaa14d9fe972ebfb820f18b077284b1f755a56739a1dc39d8255e96da734f951d9ea2fa9358b2edc6d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  f6e62cb32013aacca6d75ace2754ea2e.dll
- Size
  
  937KB
- MD5
  
  f6e62cb32013aacca6d75ace2754ea2e
- SHA1
  
  652c8017fad54c46c6b0a34c3e9b694dd868e81d
- SHA256
  
  95ee30fe8d98ca42ee90db02ea80480154fd5f7c1464983451bbdb699a11ff1b
- SHA512
  
  63be1be676acd89279260dba66d244c3d774414cb96531eaa14d9fe972ebfb820f18b077284b1f755a56739a1dc39d8255e96da734f951d9ea2fa9358b2edc6d
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan