gozi_ifsb | 0fad99df64bf4006dbc91b0ad6a3bb38170561ecc759d352a6912e4c86d5c682 | Triage

Sharing

General

Target

6135f2de69858.dll
Size

354KB
Sample

210906-mzjlgabaa2
MD5

bd8eb04c32d3cd91394c35f4e4188935
SHA1

38ecc039edec7479d410301d0ddc4a7b97d24c62
SHA256

0fad99df64bf4006dbc91b0ad6a3bb38170561ecc759d352a6912e4c86d5c682
SHA512

46c074aae4135e7968853c50b4ac768006f8087fa1be3689293d570839bde36416225dc43039b920aee5e4d89ab8e18317c277c6206d1821162bf758ca260142

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

lureborufer.store

dureborufer.store

Attributes

build
250212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6135f2de69858.dll
- Size
  
  354KB
- MD5
  
  bd8eb04c32d3cd91394c35f4e4188935
- SHA1
  
  38ecc039edec7479d410301d0ddc4a7b97d24c62
- SHA256
  
  0fad99df64bf4006dbc91b0ad6a3bb38170561ecc759d352a6912e4c86d5c682
- SHA512
  
  46c074aae4135e7968853c50b4ac768006f8087fa1be3689293d570839bde36416225dc43039b920aee5e4d89ab8e18317c277c6206d1821162bf758ca260142
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan