gozi_ifsb | 32fc51d988b64cd7de947b8dfea463cd95c5461e569b08945feb1da2380deca0 | Triage

Sharing

General

Target

a300b696dd38187f64bd5132875a667e.dll
Size

937KB
Sample

210622-talmrr6wns
MD5

a300b696dd38187f64bd5132875a667e
SHA1

ce73c0990ddeabef0b34718e7598dc9a2e41fa85
SHA256

32fc51d988b64cd7de947b8dfea463cd95c5461e569b08945feb1da2380deca0
SHA512

72a6ad38bdfc947085d0d7faca78149bd1f2e0b6074af1932e30cc12168161a1d9569a28c737cd829f5e16f29b840720317ce9281daf9aa8875b132297f1f25a

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  a300b696dd38187f64bd5132875a667e.dll
- Size
  
  937KB
- MD5
  
  a300b696dd38187f64bd5132875a667e
- SHA1
  
  ce73c0990ddeabef0b34718e7598dc9a2e41fa85
- SHA256
  
  32fc51d988b64cd7de947b8dfea463cd95c5461e569b08945feb1da2380deca0
- SHA512
  
  72a6ad38bdfc947085d0d7faca78149bd1f2e0b6074af1932e30cc12168161a1d9569a28c737cd829f5e16f29b840720317ce9281daf9aa8875b132297f1f25a
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan