gozi_ifsb | a4c7d46ab94add85adc74f9686c7367fd82eaae508b3e2227db8e62930fb3da0 | Triage

Sharing

General

Target

beneficial.dll
Size

643KB
Sample

210729-g23qd1amg6
MD5

631779ef3aecb4838360304f162dbd8c
SHA1

9103735e9771b40fb26b5b273683934dfea38402
SHA256

a4c7d46ab94add85adc74f9686c7367fd82eaae508b3e2227db8e62930fb3da0
SHA512

37a4008e70e99cdd182f95719a481ab811bd35867cae2c38c7c79cef406da7d6872762e1a79798a3a129f66c5326b3487e58a923214299d9410a044b5d14c667

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  beneficial.dll
- Size
  
  643KB
- MD5
  
  631779ef3aecb4838360304f162dbd8c
- SHA1
  
  9103735e9771b40fb26b5b273683934dfea38402
- SHA256
  
  a4c7d46ab94add85adc74f9686c7367fd82eaae508b3e2227db8e62930fb3da0
- SHA512
  
  37a4008e70e99cdd182f95719a481ab811bd35867cae2c38c7c79cef406da7d6872762e1a79798a3a129f66c5326b3487e58a923214299d9410a044b5d14c667
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan