gozi_ifsb | 2d49495a14202da33b0d3215668e55cfe873e4deff2bfb892a6227fc23b936fe | Triage

Sharing

General

Target

d1a5c.dll
Size

420KB
Sample

210705-1v3yakbmq6
MD5

d1a5cea82aad4498789085900147ca86
SHA1

9ba635f6bca95ccb96db70eb3247cc2191f2c7d3
SHA256

2d49495a14202da33b0d3215668e55cfe873e4deff2bfb892a6227fc23b936fe
SHA512

d11b5901c0793f53b19ef648cde8e1c588a1311bf77efcce9fa5cdf5f312fbdca27c56a1230329b758a8aa4043a81bd21cb530c5da4128ccce2aad3dca20c5fe

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d1a5c.dll
- Size
  
  420KB
- MD5
  
  d1a5cea82aad4498789085900147ca86
- SHA1
  
  9ba635f6bca95ccb96db70eb3247cc2191f2c7d3
- SHA256
  
  2d49495a14202da33b0d3215668e55cfe873e4deff2bfb892a6227fc23b936fe
- SHA512
  
  d11b5901c0793f53b19ef648cde8e1c588a1311bf77efcce9fa5cdf5f312fbdca27c56a1230329b758a8aa4043a81bd21cb530c5da4128ccce2aad3dca20c5fe
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan