gozi_ifsb | b7d73139f8758b04508d6873dd29011ab35b336b73ece0d4ea0710399c960180 | Triage

Resubmissions

07-09-2021 06:32

210907-hamjlsfchj 10

06-09-2021 21:47

210906-1m6gcsbdh9 10

Sharing

General

Target

blargh.dll
Size

368KB
Sample

210907-hamjlsfchj
MD5

fb4868e55a1dc8b84833262ac5ff6254
SHA1

af32286f8eaf266d4ee609aca40cad4a2221717b
SHA256

b7d73139f8758b04508d6873dd29011ab35b336b73ece0d4ea0710399c960180
SHA512

f35681252e85ac08f9754b5301545fd6f0eb87c512d000ae2618a6d8f0858e90b63714a0af11791610589a61d3e45d9d746f429eb4e128a1d80b5533e4d4ef9f

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

lureborufer.store

dureborufer.store

Attributes

build
250212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  blargh.dll
- Size
  
  368KB
- MD5
  
  fb4868e55a1dc8b84833262ac5ff6254
- SHA1
  
  af32286f8eaf266d4ee609aca40cad4a2221717b
- SHA256
  
  b7d73139f8758b04508d6873dd29011ab35b336b73ece0d4ea0710399c960180
- SHA512
  
  f35681252e85ac08f9754b5301545fd6f0eb87c512d000ae2618a6d8f0858e90b63714a0af11791610589a61d3e45d9d746f429eb4e128a1d80b5533e4d4ef9f
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan