gozi_ifsb | 16b75747368d6dd25f6c716061cc18498a357afc63ea64f33901f30c168b90c1 | Triage

Sharing

General

Target

5555237368397824.zip
Size

552KB
Sample

210712-74jerhhhg6
MD5

21af874787c8b862a1bc8d65a4c34e32
SHA1

41e31535e0162c204d97df0c154716e0b8632022
SHA256

16b75747368d6dd25f6c716061cc18498a357afc63ea64f33901f30c168b90c1
SHA512

ef1224ccdb641690c76e41d7c30ac252104c66b3460dd1a80f067350c6830e18d45ec49a0fb4bd128d1883d6ef9bf93a28a5fb2ed296dd682be61ceef056434a

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d1a1d73e134edf8accffaa2779fa637b448b762a9bad81c3093fda115ed189e1
- Size
  
  937KB
- MD5
  
  492076d2d0e123d67a38e65ad5aaee6a
- SHA1
  
  e9abf822ac6c9ebe34ed7c724122a53703d1d6a4
- SHA256
  
  d1a1d73e134edf8accffaa2779fa637b448b762a9bad81c3093fda115ed189e1
- SHA512
  
  a99c4bca46e64f4f92ab9bb159e15294a1562b5df8c964091e07589db8725bf4a67227b694bc918badb5d964cd954cb15ae717713173088cfe622ea03837792f
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan