Overview

overview

10

Static

static

Janos.bin.dll

windows7_x64

10

Janos.bin.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Janos.bin

  • Size

    339KB

  • Sample

    210907-zkk7zagedn

  • MD5

    3ee784b20a405a7b032728a7bcac456c

  • SHA1

    d1b224481e428fc86e9c55e2ff138b30b5cfbfab

  • SHA256

    3fd290e335098184c8c2973272660f506c89f329a37cf590608863d002333386

  • SHA512

    7f5dd561e321b3787e65b478aab720ac8aeb95034567c3b942184b6f35f011474415ba5714488a968815a7351e0c44b129d686877392225a2aeca361aab7adac

Score
10/10
gozi_ifsb1500bankersuricatatrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

atl.bigbigpoppa.com

pop.urlovedstuff.com
Attributes
  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Target

      Janos.bin

    • Size

      339KB

    • MD5

      3ee784b20a405a7b032728a7bcac456c

    • SHA1

      d1b224481e428fc86e9c55e2ff138b30b5cfbfab

    • SHA256

      3fd290e335098184c8c2973272660f506c89f329a37cf590608863d002333386

    • SHA512

      7f5dd561e321b3787e65b478aab720ac8aeb95034567c3b942184b6f35f011474415ba5714488a968815a7351e0c44b129d686877392225a2aeca361aab7adac

    Score
    10/10
    gozi_ifsb1500bankertrojansuricata

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

      suricata

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks