gozi_ifsb | e04823c56b627e74c92656340de38aed9804af65040bbed746b206de5a122dc5 | Triage

Sharing

General

Target

a04.dll
Size

380KB
Sample

211007-q5agjacea7
MD5

a04cc72f0946720cc875ed228f565c1d
SHA1

58b12ddffb7015e8857209c60a06ed4419a23641
SHA256

e04823c56b627e74c92656340de38aed9804af65040bbed746b206de5a122dc5
SHA512

dd899e5fab849ec5e27408597b39ff009866304a1d9b1a4e3ce126b72c25155fd379cbb6395e74f7a05b2d6a5f46bf17d631e261d90e778c791f7cb8543ebc32

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

app10.laptok.at

apt.feel500.at

init.in100k.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  a04.dll
- Size
  
  380KB
- MD5
  
  a04cc72f0946720cc875ed228f565c1d
- SHA1
  
  58b12ddffb7015e8857209c60a06ed4419a23641
- SHA256
  
  e04823c56b627e74c92656340de38aed9804af65040bbed746b206de5a122dc5
- SHA512
  
  dd899e5fab849ec5e27408597b39ff009866304a1d9b1a4e3ce126b72c25155fd379cbb6395e74f7a05b2d6a5f46bf17d631e261d90e778c791f7cb8543ebc32
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan