gozi_ifsb | 5a3d88965e8c12180c222a035ba49e051851005a70fbfacd977392942c18396e | Triage

Submit
Reports

Overview

overview

Static

static

1.bat

windows10_x64

Sharing

General

Target

run.zip
Size

859KB
Sample

210908-wl21bsabaj
MD5

16aa858f7379e0bf106d15cb97a038e9
SHA1

ef8d77d9855d0cca2e204f29d83ca82360d5c6e9
SHA256

5a3d88965e8c12180c222a035ba49e051851005a70fbfacd977392942c18396e
SHA512

57d06ac955f21f271a8caa6184ca82ca048855ccbe1d4430410e5deb260ae6cb135617c3d919a617e47f8f7bb09ba226b59ff042a6f61b1d49df1818e04a936a

Score

10^/10

gozi_ifsb 1500 banker suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

1.bat

Resource

win10-en

gozi_ifsb 1500 banker suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

atl.bigbigpoppa.com

pop.urlovedstuff.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1.bat
- Size
  
  5B
- MD5
  
  53f31a089339194f333d2e3995dbb05e
- SHA1
  
  d929c82d2ee727ccbea9c50c669a71075249899f
- SHA256
  
  86b0c5a1e2b73b08fd54c727f4458649ed9fe3ad1b6e8ac9460c070113509a1e
- SHA512
  
  d6f0e8c65e1fe60e81be2aee69b09b9a5df7519dff082cc4e51a705fb044a34db7198b40d480df0a048e32a7d2cf0c4090d64af123a5d852c21c8a35de4ff3fc
Score

10^/10

gozi_ifsb 1500 banker suricata trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb1500bankersuricatatrojan

© 2018-2024

Terms | Privacy