General

  • Target

    6.tar

  • Size

    392KB

  • Sample

    210920-l6hgbadfd5

  • MD5

    9a024750ca83441f6a1eb0357207f832

  • SHA1

    98451fe991746d4fb0ecade9a0bd318ba4eb9b6a

  • SHA256

    2e5118d15a18ae852bf94d91707ff634d9d8354fef492f5c4e1c46b9cf96184c

  • SHA512

    ef98bac4edbe11e4710d76774c692f8a9cae52048e49cfb73db74291a408edf93ef5cb5c5eb55e6f9ba51ee10820d2bd560aed917a4eafef9f29ee4d8d0e2d69

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    8877

  • C2

    outlook.com
    jkdoiloooooo1.nl
    nkdlooooalksloooo.nl

Attributes
  • build

    250212

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request
