gozi_ifsb | 86f2d0cdf2052e7bacecbf0a95c997d1544c665476a854e5c03b4cc567e62e5a | Triage

Sharing

General

Target

5385235138904064.zip
Size

552KB
Sample

210702-lv5ztn4l9a
MD5

e34c9cd0dc6631ba12284de8d93c3908
SHA1

d779be2cfc7fb290831c9c79007c36ffd747a983
SHA256

86f2d0cdf2052e7bacecbf0a95c997d1544c665476a854e5c03b4cc567e62e5a
SHA512

fd218823050c9e3e9730e7be607ea4ce74c4246d0f811d6a5ae2a7fc6f8e11e0d7a82a2aa5c284f6fbfe52a43e41f3a64c5cbf646dadec210f2f191ecab0e5dd

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  fb48e7ea40d264d69dead693b2a4673b23d82158e542108740f418cd36a20f5a
- Size
  
  937KB
- MD5
  
  933d6410ea5e5d13fe61b41ad1badeaa
- SHA1
  
  b22a755163b157f9ba3feec53acf6244a9e4c6fa
- SHA256
  
  fb48e7ea40d264d69dead693b2a4673b23d82158e542108740f418cd36a20f5a
- SHA512
  
  ed2be1e59ada96699306a6c42eeb085399dfd0bc7e39fc15b8ad1458d639241a60c9343c74c32737d1e208734e35937c1552ac08b2cae9ccf38753ed11bec2ae
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan