gozi_ifsb | d6071f7095db5bd5586d0a05bb421cc52287e897794688c9ec6d643286ca3924 | Triage

Sharing

General

Target

968b60db061083b1450cbf3e1011c0869429cbd5e1d304490b86257d9c1eedbb.zip
Size

553KB
Sample

210622-t6ycj1cvl2
MD5

775ed5e2f1ddd2f3c3ce83407f1bbf48
SHA1

1bab3230c997508b5284b272d368471d0ca2af30
SHA256

d6071f7095db5bd5586d0a05bb421cc52287e897794688c9ec6d643286ca3924
SHA512

9eac8025f3e5176cc658ae40cd5941fab54bfbc0e4788e59c4a0bcd611b5953cb6975cde3c4ddc98e9e49bef2ee41f23fd85c30c76edc39a97738c9272973b4d

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  968b60db061083b1450cbf3e1011c0869429cbd5e1d304490b86257d9c1eedbb.dll
- Size
  
  937KB
- MD5
  
  4fa3dba44cab35c7df9dc08db6afc469
- SHA1
  
  fed3518314015a7a79e33f36aed871bbf72affdc
- SHA256
  
  968b60db061083b1450cbf3e1011c0869429cbd5e1d304490b86257d9c1eedbb
- SHA512
  
  2bc007b66b4408dfa8288ae17720266b6bcf314ad8475a4a52425052fbd89d40e1aa04016f361d112c95e47c539ec3cfd87648ba6f8f9849f3071cd709d49ff6
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan