gozi_ifsb | d34e749d13b49a7994481e5ec3e0c8aa7fcb8393ac65bbc9f2054a77b60e1f5f | Triage

Sharing

General

Target

5972177727553536.zip
Size

552KB
Sample

210713-cmjm3941p6
MD5

61d530a610455cf9dbd02d5c258a5e30
SHA1

653165d06d08a08bb9782ca88c619a96fb25d26c
SHA256

d34e749d13b49a7994481e5ec3e0c8aa7fcb8393ac65bbc9f2054a77b60e1f5f
SHA512

0a9686f0b33ab38d6dbe1c7f11908c463499835c92bc9d7376991f4d4d21002c57388c47f40f9964d26abae7271fbfc4d04dff4d49614614e577b53952790334

Score

10^/10

gozi_ifsb 4500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  c4b2f757b08982fac75a63df8a5569e09b320a22d0f202681d55cc968c01f71b
- Size
  
  937KB
- MD5
  
  1da0601d46dd56e2cfff320376dcf6d9
- SHA1
  
  2c8f22a48e97a9284452ef9b46b5f4bfe38e3199
- SHA256
  
  c4b2f757b08982fac75a63df8a5569e09b320a22d0f202681d55cc968c01f71b
- SHA512
  
  7c1f8d3e2b061f9a202a84ad7e2389afea636f745c38b62bc40c72431ed493b0242a2362ef02b98f5fd8dfd552c386392391e1cf4450a9c41c72c1316f3f0e5e
Score

10^/10

gozi_ifsb 4500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb4500bankertrojan

behavioral2

gozi_ifsb4500bankertrojan