gozi_ifsb | 343327e91bd36f033ad1b2e11672051ea8e025cecce002eb9d8df2f2515b2cfa | Triage

Sharing

General

Target

07675e8567d8eb64663a05c14026ac45.dll
Size

937KB
Sample

210624-gb5jlgwh6j
MD5

07675e8567d8eb64663a05c14026ac45
SHA1

bcd54e905eb352859f104773fdf3aeefac172dbc
SHA256

343327e91bd36f033ad1b2e11672051ea8e025cecce002eb9d8df2f2515b2cfa
SHA512

1c89fe58592f76817eb6686937629da03e4a820e09e0d2af99d4c8acdf704aab2dfc587830550c8d5edc0c85f49ceaea507db987f1323523f1f327f5fe9d1c61

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  07675e8567d8eb64663a05c14026ac45.dll
- Size
  
  937KB
- MD5
  
  07675e8567d8eb64663a05c14026ac45
- SHA1
  
  bcd54e905eb352859f104773fdf3aeefac172dbc
- SHA256
  
  343327e91bd36f033ad1b2e11672051ea8e025cecce002eb9d8df2f2515b2cfa
- SHA512
  
  1c89fe58592f76817eb6686937629da03e4a820e09e0d2af99d4c8acdf704aab2dfc587830550c8d5edc0c85f49ceaea507db987f1323523f1f327f5fe9d1c61
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan