gozi_ifsb | fc9fffd970b6271c16e4717cc257d68d74a73257f59d60f76ddda28d9e729ed3 | Triage

Sharing

General

Target

25ccb64f72c46f7762a0c2b7b26aac04.dll
Size

937KB
Sample

210624-8ljcm3y9ba
MD5

25ccb64f72c46f7762a0c2b7b26aac04
SHA1

bcc71c44f04bda1bc063c448922faee59ee72663
SHA256

fc9fffd970b6271c16e4717cc257d68d74a73257f59d60f76ddda28d9e729ed3
SHA512

e4a421ae14fb0bab4d6001f191429c99222356f1d5dc3b531b76875a54ac1b3fbebdd905d1c293bbdd22f29cdc28a113ccc6ef09cfc3271c21edf8c2b27f1708

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  25ccb64f72c46f7762a0c2b7b26aac04.dll
- Size
  
  937KB
- MD5
  
  25ccb64f72c46f7762a0c2b7b26aac04
- SHA1
  
  bcc71c44f04bda1bc063c448922faee59ee72663
- SHA256
  
  fc9fffd970b6271c16e4717cc257d68d74a73257f59d60f76ddda28d9e729ed3
- SHA512
  
  e4a421ae14fb0bab4d6001f191429c99222356f1d5dc3b531b76875a54ac1b3fbebdd905d1c293bbdd22f29cdc28a113ccc6ef09cfc3271c21edf8c2b27f1708
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan