gozi_ifsb | 6ae184624c58d4c5abbebe161f0c11c4ba769000ad7be66d91344dec849afe1d | Triage

Sharing

General

Target

6.tiff
Size

368KB
Sample

210914-mf75qaaeeq
MD5

9873a73058617e62c9c8b55a6dd28e61
SHA1

c3ed14d4f37654caacadaf75ad24e7292c812f9d
SHA256

6ae184624c58d4c5abbebe161f0c11c4ba769000ad7be66d91344dec849afe1d
SHA512

babcdadc226aa412bafa0a85ff78ed38151dc30956dc0f80038699cb676fcf6f143af4a4cd5c44e9a17b188f12cbf81c012ab65e7b120acb53f34979a61c43c3

Score

10^/10

gozi_ifsb 8877 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

permanentitaly.nl

jklooopooooreer.nl

Attributes

build
250212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6.tiff
- Size
  
  368KB
- MD5
  
  9873a73058617e62c9c8b55a6dd28e61
- SHA1
  
  c3ed14d4f37654caacadaf75ad24e7292c812f9d
- SHA256
  
  6ae184624c58d4c5abbebe161f0c11c4ba769000ad7be66d91344dec849afe1d
- SHA512
  
  babcdadc226aa412bafa0a85ff78ed38151dc30956dc0f80038699cb676fcf6f143af4a4cd5c44e9a17b188f12cbf81c012ab65e7b120acb53f34979a61c43c3
Score

10^/10

gozi_ifsb 8877 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankersuricatatrojan