gozi_ifsb | 5eaa391593432a22119e53e5fd2ff6e7ba2f29fc41a370ab128704623a2d43cf | Triage

Submit
Reports

Overview

overview

Static

static

2.bat

windows10_x64

Sharing

General

Target

pres1642.zip
Size

725KB
Sample

210915-zdz3jseccp
MD5

361a0e3c13303e22c42651bbdd97f011
SHA1

363207d32822edca745e42c028c88b5c8ebff8f5
SHA256

5eaa391593432a22119e53e5fd2ff6e7ba2f29fc41a370ab128704623a2d43cf
SHA512

ae15d48079a1f8a44242c3c5dbe28e2969b6ceda836d239869999c132b1975d8a232fa5a4ac65556bb7b5c6166b16838b8f61d642df47090b8bd2425ebaec8e9

Score

10^/10

gozi_ifsb 1500 banker suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

2.bat

Resource

win10-en

gozi_ifsb 1500 banker suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

atl.bigbigpoppa.com

pop.urlovedstuff.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  2.bat
- Size
  
  5B
- MD5
  
  53f31a089339194f333d2e3995dbb05e
- SHA1
  
  d929c82d2ee727ccbea9c50c669a71075249899f
- SHA256
  
  86b0c5a1e2b73b08fd54c727f4458649ed9fe3ad1b6e8ac9460c070113509a1e
- SHA512
  
  d6f0e8c65e1fe60e81be2aee69b09b9a5df7519dff082cc4e51a705fb044a34db7198b40d480df0a048e32a7d2cf0c4090d64af123a5d852c21c8a35de4ff3fc
Score

10^/10

gozi_ifsb 1500 banker suricata trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb1500bankersuricatatrojan

© 2018-2024

Terms | Privacy