gozi_ifsb | 2f4d76314a00fb7a8047fcdd3ee26c39d2a550cde356d35ae517631392a66e8a | Triage

Sharing

General

Target

#Gozi
Size

1.2MB
Sample

211005-lrm39ahhcn
MD5

fe127f07c086ee240c4699ae97b23672
SHA1

980b76c3bb9f12c2033897c9e432c3f0f4d3db31
SHA256

2f4d76314a00fb7a8047fcdd3ee26c39d2a550cde356d35ae517631392a66e8a
SHA512

4442d5342ea200a05fbc95f5281fdda7aacfad7c22665c8f10d0c81db0fd6009344a77c708bfca129026037b8985772682e439a2325bc55cf46e9b4e89b51381

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/login

vloderuniok.website

gloderuniok.website

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  #Gozi
- Size
  
  1.2MB
- MD5
  
  fe127f07c086ee240c4699ae97b23672
- SHA1
  
  980b76c3bb9f12c2033897c9e432c3f0f4d3db31
- SHA256
  
  2f4d76314a00fb7a8047fcdd3ee26c39d2a550cde356d35ae517631392a66e8a
- SHA512
  
  4442d5342ea200a05fbc95f5281fdda7aacfad7c22665c8f10d0c81db0fd6009344a77c708bfca129026037b8985772682e439a2325bc55cf46e9b4e89b51381
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankersuricatatrojan