gozi_ifsb | f068defa1da6d30ce649b2eb04468987fb9e055cab5cc3389112014cb5a74e59 | Triage

Sharing

General

Target

spoolres.dll
Size

937KB
Sample

210702-rxap8l1m5x
MD5

7c78fb4fa292f9345bc49677d95040b5
SHA1

39212550527cb1605279d5a0aa6362ca21afea55
SHA256

f068defa1da6d30ce649b2eb04468987fb9e055cab5cc3389112014cb5a74e59
SHA512

7aaa27d5632bb8bf62a18bc6782eff2d330042feeb613e0c8d2b296459f38bcc66321f3ea6edd109455479de60d1c89142913830c72e33284ffddd93b834794f

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  spoolres.dll
- Size
  
  937KB
- MD5
  
  7c78fb4fa292f9345bc49677d95040b5
- SHA1
  
  39212550527cb1605279d5a0aa6362ca21afea55
- SHA256
  
  f068defa1da6d30ce649b2eb04468987fb9e055cab5cc3389112014cb5a74e59
- SHA512
  
  7aaa27d5632bb8bf62a18bc6782eff2d330042feeb613e0c8d2b296459f38bcc66321f3ea6edd109455479de60d1c89142913830c72e33284ffddd93b834794f
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan