Overview

overview

10

Static

static

61406c9abfcad.rar.dll

windows7_x64

10

61406c9abfcad.rar.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61406c9abfcad.rar

  • Size

    368KB

  • Sample

    210914-lj6wdsfeb5

  • MD5

    048cc67667ca451a201be5057c3dfc5a

  • SHA1

    8126d4173c6e3536f1448ef66677e2df7c402f7f

  • SHA256

    ded13d4a537d366c3f4e9bd00ac0db8d90d5b87554b0957ac38ae81968e76ad8

  • SHA512

    fd20d67b9ef1643fe71bd5c584d11fc2d18d8f588f1fb9c0fcbf82616945e69dca15ae9aacbf23814335c0ca3a1df5326c530a4958656006a74ca813583cf93b

Score
10/10
gozi_ifsb8877bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

permanentitaly.nl

jklooopooooreer.nl
Attributes
  • build

    250212

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      61406c9abfcad.rar

    • Size

      368KB

    • MD5

      048cc67667ca451a201be5057c3dfc5a

    • SHA1

      8126d4173c6e3536f1448ef66677e2df7c402f7f

    • SHA256

      ded13d4a537d366c3f4e9bd00ac0db8d90d5b87554b0957ac38ae81968e76ad8

    • SHA512

      fd20d67b9ef1643fe71bd5c584d11fc2d18d8f588f1fb9c0fcbf82616945e69dca15ae9aacbf23814335c0ca3a1df5326c530a4958656006a74ca813583cf93b

    Score
    10/10
    gozi_ifsb8877bankertrojan

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks