gozi_ifsb | 39bbd79dc1a59d6823a53a988c1623454acb05d598748490eb7da5159ea49b6f | Triage

Sharing

General

Target

liana.m.zip
Size

304KB
Sample

210831-yxfdb1nn8n
MD5

e7aed9ac34cf4bd44bae351385ff1b1d
SHA1

cb86e35464a8f3779d524389debca023a01eadc8
SHA256

39bbd79dc1a59d6823a53a988c1623454acb05d598748490eb7da5159ea49b6f
SHA512

ed19bc9de6e55abaef0d6a21ad91e1d0af557e87df6bc787ff75626af10d85d135107d9380ffe375c0582be6ac43a921c852331deeafe3071bf80be38e562ef5

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

f1.bablefiler.at

f22.avanoruk.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  liana.m
- Size
  
  468KB
- MD5
  
  ea5a45bcbe61e5debd959622a2a95dcb
- SHA1
  
  34813d50e2f0bcfc22dcb0fd82f22c47f9072c2d
- SHA256
  
  091a33c2695ec6212f9ce129214e1fad28dbbac39a5f9d0cc1787d3d98e08b09
- SHA512
  
  acea0a3dd9c998c409031610630d34f3b2103545d8dcd5d1ca08b19aae403d521218df1193b93d8b3369c32c76e3807d636fc4a0e0c769ad26fb169e5f2a70a4
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan