gozi_ifsb | 6ef40f11ecafa6b1c46511cd767e62fc78bcfdd01359ad4efcdd3f9aaf81387b | Triage

Sharing

General

Target

5101939960086528.zip
Size

552KB
Sample

210709-rlqa8wzq1n
MD5

feb0c2f24708a1c00eabcbda7222d552
SHA1

6ae74b3de1181a1c611c364a86d9b79254b673c7
SHA256

6ef40f11ecafa6b1c46511cd767e62fc78bcfdd01359ad4efcdd3f9aaf81387b
SHA512

66130a5d91d717936f000e45dba37a5484cf02ef859d35bd0ad0b980205eb4bcfdbb62e52059477873951384697a9df2e751234e25be598ff6c5d48db3db923c

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3801a989edf1a3ac945a7af3b86e25d4c2e4c0be9f35115b24e198675fc05982
- Size
  
  937KB
- MD5
  
  f0768163be61e09e32af5108aa4b90ce
- SHA1
  
  cc43a6e718bd4cb5cc4cc8744d7d77a8e789909b
- SHA256
  
  3801a989edf1a3ac945a7af3b86e25d4c2e4c0be9f35115b24e198675fc05982
- SHA512
  
  7dcf3fa47b616ae2d7a4dd58197154635f8a90188fdccd4780d92636913ad4e88d475b1cc77a97162d2fdf0d9ef4379afc97de55c4062e663560ec03e43080c5
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan