gozi_ifsb | c21498aea57a809c36258572bc551c6047a4bf93958bc7a3d4b46d844fc9f1b3 | Triage

Resubmissions

23-08-2021 22:27

210823-zzrykxs532 10

23-08-2021 22:07

210823-84ycc81bjn 10

09-07-2021 14:06

210709-5lky7g98wj 10

Sharing

General

Target

3d0.dll
Size

492KB
Sample

210709-5lky7g98wj
MD5

3d080af5324b49363773d0db21b620ed
SHA1

2724f486e0f8607eda3ea9e9783ea4f46bc98342
SHA256

c21498aea57a809c36258572bc551c6047a4bf93958bc7a3d4b46d844fc9f1b3
SHA512

d68d25125dc209f16936b8baad4334f7bb6c4fa58207fafd5428cb1c98630d668da6253e010ac4bb4dedd1dd418f1f31e08acef689e5f663fbde28c7935fadc0

Score

10^/10

gozi_ifsb 6000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3d0.dll
- Size
  
  492KB
- MD5
  
  3d080af5324b49363773d0db21b620ed
- SHA1
  
  2724f486e0f8607eda3ea9e9783ea4f46bc98342
- SHA256
  
  c21498aea57a809c36258572bc551c6047a4bf93958bc7a3d4b46d844fc9f1b3
- SHA512
  
  d68d25125dc209f16936b8baad4334f7bb6c4fa58207fafd5428cb1c98630d668da6253e010ac4bb4dedd1dd418f1f31e08acef689e5f663fbde28c7935fadc0
Score

10^/10

gozi_ifsb 6000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb6000bankertrojan

behavioral2

gozi_ifsb6000bankertrojan