gozi_ifsb | 3865cbcb95d0e8128d9abe34932e9e71c69e595dcf2e4d2efffdafdbbae1de5f | Triage

Submit
Reports

Overview

overview

Static

static

1.bat

windows10_x64

Sharing

General

Target

pay1754.zip
Size

736KB
Sample

210915-vtqrlaebal
MD5

fc67e693b5fbd12b89cc659a3ffc262c
SHA1

d4cd9b62dd400731f5c5a6ef8846a57c2ca066f2
SHA256

3865cbcb95d0e8128d9abe34932e9e71c69e595dcf2e4d2efffdafdbbae1de5f
SHA512

89aa5aaff06b9222e3da54fa006793be15a2ab7175f0251f3f7e6e623b6915e0abeb93e89a030c5bd7f0f6964419187bfbc564039b09f2fdb3d6e14a48a960c3

Score

10^/10

gozi_ifsb 1500 banker suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

1.bat

Resource

win10-en

gozi_ifsb 1500 banker suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

atl.bigbigpoppa.com

pop.urlovedstuff.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1.bat
- Size
  
  5B
- MD5
  
  53f31a089339194f333d2e3995dbb05e
- SHA1
  
  d929c82d2ee727ccbea9c50c669a71075249899f
- SHA256
  
  86b0c5a1e2b73b08fd54c727f4458649ed9fe3ad1b6e8ac9460c070113509a1e
- SHA512
  
  d6f0e8c65e1fe60e81be2aee69b09b9a5df7519dff082cc4e51a705fb044a34db7198b40d480df0a048e32a7d2cf0c4090d64af123a5d852c21c8a35de4ff3fc
Score

10^/10

gozi_ifsb 1500 banker suricata trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb1500bankersuricatatrojan

© 2018-2024

Terms | Privacy