gozi_ifsb | 2c9325a4221934b6d639f2e9680487fcb865c5fd7753b674d93b95720011505a | Triage

Sharing

General

Target

dd10aee2c7ab98d64703e4887d49defc.dll
Size

937KB
Sample

210626-lv6hw2gz4a
MD5

dd10aee2c7ab98d64703e4887d49defc
SHA1

f6c124779e707ca4008a02eeda642d5ef9ba31bc
SHA256

2c9325a4221934b6d639f2e9680487fcb865c5fd7753b674d93b95720011505a
SHA512

99765a8e7de2372ca87eed6dcf8cc3484485f9d19fe75ab6beffe582d48f5dc5f75356bbd4979e6a168d345814563ab753da02409f7422c9653cc12e4d0bb9e9

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  dd10aee2c7ab98d64703e4887d49defc.dll
- Size
  
  937KB
- MD5
  
  dd10aee2c7ab98d64703e4887d49defc
- SHA1
  
  f6c124779e707ca4008a02eeda642d5ef9ba31bc
- SHA256
  
  2c9325a4221934b6d639f2e9680487fcb865c5fd7753b674d93b95720011505a
- SHA512
  
  99765a8e7de2372ca87eed6dcf8cc3484485f9d19fe75ab6beffe582d48f5dc5f75356bbd4979e6a168d345814563ab753da02409f7422c9653cc12e4d0bb9e9
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan