gozi_ifsb | 94eb81bc58adb976f21344d3eb273c9eb833afbcadd121eb2ad38f1ef07a1f85 | Triage

Sharing

General

Target

b1fc7dc75445a016588402757fdd6ff6-vt.dll
Size

452KB
Sample

210623-jnylbfcgae
MD5

b1fc7dc75445a016588402757fdd6ff6
SHA1

12aa8a932e6711beca796f67e717523d6794de9e
SHA256

94eb81bc58adb976f21344d3eb273c9eb833afbcadd121eb2ad38f1ef07a1f85
SHA512

5ea1a7e0d938ed772ab59c486ca6d018814082e50bd000aafafd43929983244875792c958a4bda8b12edea1888392c98c33bb26d2d3afb1a037e1074b6ed9675

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  b1fc7dc75445a016588402757fdd6ff6-vt.dll
- Size
  
  452KB
- MD5
  
  b1fc7dc75445a016588402757fdd6ff6
- SHA1
  
  12aa8a932e6711beca796f67e717523d6794de9e
- SHA256
  
  94eb81bc58adb976f21344d3eb273c9eb833afbcadd121eb2ad38f1ef07a1f85
- SHA512
  
  5ea1a7e0d938ed772ab59c486ca6d018814082e50bd000aafafd43929983244875792c958a4bda8b12edea1888392c98c33bb26d2d3afb1a037e1074b6ed9675
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankertrojan