gozi_ifsb | 913535ed97ea88e3b80fe9032698ff77d697243cd8badf34aa9870e18c689121 | Triage

Sharing

General

Target

60d1a6a1be17f.dll
Size

349KB
Sample

210622-6le8p5esga
MD5

af580b336ff6905cd6b28f2cbb74efad
SHA1

671119f873ad83df335b97af20c1381efa97f7dc
SHA256

913535ed97ea88e3b80fe9032698ff77d697243cd8badf34aa9870e18c689121
SHA512

ab949f7c5fce9ac8ab8ea4563bf581204b691a8d62f1727c5bec507093bfc6d80e4c6d8be9ef0aa6d7773c08e219fb11b9f63415c82010b12a2e379eb162aa08

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

gerimerunollu.club

herimerunollu.club

Attributes

build
250206
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  60d1a6a1be17f.dll
- Size
  
  349KB
- MD5
  
  af580b336ff6905cd6b28f2cbb74efad
- SHA1
  
  671119f873ad83df335b97af20c1381efa97f7dc
- SHA256
  
  913535ed97ea88e3b80fe9032698ff77d697243cd8badf34aa9870e18c689121
- SHA512
  
  ab949f7c5fce9ac8ab8ea4563bf581204b691a8d62f1727c5bec507093bfc6d80e4c6d8be9ef0aa6d7773c08e219fb11b9f63415c82010b12a2e379eb162aa08
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan