gozi_ifsb | d7e64f8e65ce586ce2f0a857810b2a23f85140bf5e52e5a824f09787fb2bf45e | Triage

Resubmissions

24-08-2021 15:04

210824-nsbf1ebs56 10

27-07-2021 08:55

210727-2d8acwdeyx 10

Sharing

General

Target

direction.dll
Size

252KB
Sample

210727-2d8acwdeyx
MD5

499200f6a8e223c057c6e16701740721
SHA1

ef46f9c62b94715b750173074c51100285ff6fe9
SHA256

d7e64f8e65ce586ce2f0a857810b2a23f85140bf5e52e5a824f09787fb2bf45e
SHA512

b32e3c480c7533d6fa745b3d22bf7d7bed1d0f52452b77c8232560e3d3e8979db53e0e45eb47e81757b6f20cfa01b20c55d5e63f423d89666ee74e6c9988a511

Score

10^/10

gozi_ifsb 7410 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7410

C2

signin.microsoft.com

alliances.bar

allianceline.bar

alliancer.bar

Attributes

build
250206
dns_servers
107.174.86.134
107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  direction.dll
- Size
  
  252KB
- MD5
  
  499200f6a8e223c057c6e16701740721
- SHA1
  
  ef46f9c62b94715b750173074c51100285ff6fe9
- SHA256
  
  d7e64f8e65ce586ce2f0a857810b2a23f85140bf5e52e5a824f09787fb2bf45e
- SHA512
  
  b32e3c480c7533d6fa745b3d22bf7d7bed1d0f52452b77c8232560e3d3e8979db53e0e45eb47e81757b6f20cfa01b20c55d5e63f423d89666ee74e6c9988a511
Score

10^/10

gozi_ifsb 7410 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb7410bankertrojan

behavioral2

gozi_ifsb7410bankersuricatatrojan