gozi_ifsb | 2da9852912cf01db29e1b3db4a1b9599979ac3c63a6522f5a4a771938c2b36db | Triage

Sharing

General

Target

bytesRCount.jpg
Size

306KB
Sample

210621-ywz9tyq2kj
MD5

49af33aa7ecc1a785c1fe96c1946aad1
SHA1

8c2d963af567367151400c4558e21e5711d1707d
SHA256

2da9852912cf01db29e1b3db4a1b9599979ac3c63a6522f5a4a771938c2b36db
SHA512

dab397abb7c719f28b60e3726f54e2e60be871ca63d0a22d170c55074dc87bddbdb6f56d279b913d340d820e0ebe7214196b0de6bce7d40d3acd301bef759d81

Score

10^/10

gozi_ifsb 6000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  bytesRCount.jpg
- Size
  
  306KB
- MD5
  
  49af33aa7ecc1a785c1fe96c1946aad1
- SHA1
  
  8c2d963af567367151400c4558e21e5711d1707d
- SHA256
  
  2da9852912cf01db29e1b3db4a1b9599979ac3c63a6522f5a4a771938c2b36db
- SHA512
  
  dab397abb7c719f28b60e3726f54e2e60be871ca63d0a22d170c55074dc87bddbdb6f56d279b913d340d820e0ebe7214196b0de6bce7d40d3acd301bef759d81
Score

10^/10

gozi_ifsb 6000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb6000bankertrojan

behavioral2

gozi_ifsb6000bankertrojan