gozi_ifsb | 8df6ebe5ef56a0ccabcd3c916ea00f75b3896a839d1d573dd16dd6c254d06da8 | Triage

Sharing

General

Target

5073042799362048.zip
Size

552KB
Sample

210709-7pvm93xa2x
MD5

3a3ddc2f6606f84837515a2c3e96bfc9
SHA1

d991d4ad6029669050750ea90f64378dca407e59
SHA256

8df6ebe5ef56a0ccabcd3c916ea00f75b3896a839d1d573dd16dd6c254d06da8
SHA512

f33fdd7809b3f7f41b9ee006a5c33af10546580273d99642a9caa271ec7e9d3deb792f5816e8ae871a82a8f5f988f8e5b21d818aa0a7d4f2934d30018b727ba2

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  7f851519359f94a4921d20fcd82cf24ab821fac1a1c7c2f55553acb43ca49560
- Size
  
  937KB
- MD5
  
  bafb0686a3114b7fe13cff6f07fffe81
- SHA1
  
  f26577bb6e24d82529b875139065c290d4bf0e89
- SHA256
  
  7f851519359f94a4921d20fcd82cf24ab821fac1a1c7c2f55553acb43ca49560
- SHA512
  
  85faf853aad8de4ff9284c688a76b54f504604ef3866a24c2ae6f1bfce2b17016716288272f32296ad5d084b21ed73a8f87c0499516bf850174ef6825423ce70
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan