gozi_ifsb | e5491aa2958a837b01b8dd0d1942a6a8ec2755abbd4c9574afdc1afdabdfeb38 | Triage

Submit
Reports

Overview

overview

Static

static

6.tar.dll

windows7_x64

6.tar.dll

windows10_x64

Sharing

General

Target

6.tar
Size

701KB
Sample

211011-m8k6nahabk
MD5

0a5f8dedebf1adf5f61bf39c6dd9fff6
SHA1

f746bdac4d61b58f8085cbe4549a9b11df9ee515
SHA256

e5491aa2958a837b01b8dd0d1942a6a8ec2755abbd4c9574afdc1afdabdfeb38
SHA512

5fac0d65f377459193603c169b589f06c23df52ecf1d9429313a8781f5cf6804d98dd7929a2cfe467e777983e260de91fe3c746acdb0a8665d160ee2a6d94665

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

6.tar.dll

Resource

win7-en-20210920

gozi_ifsb 8899 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6.tar.dll

Resource

win10v20210408

gozi_ifsb 8899 banker suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

breuranel.website

outlook.com/signup

areuranel.website

micosoft.updati.com

37.120.222.97

microsoft.com/updatewindows

37.120.222.175

dreuranel.site

ireuranel.site

creuranel.site

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  6.tar
- Size
  
  701KB
- MD5
  
  0a5f8dedebf1adf5f61bf39c6dd9fff6
- SHA1
  
  f746bdac4d61b58f8085cbe4549a9b11df9ee515
- SHA256
  
  e5491aa2958a837b01b8dd0d1942a6a8ec2755abbd4c9574afdc1afdabdfeb38
- SHA512
  
  5fac0d65f377459193603c169b589f06c23df52ecf1d9429313a8781f5cf6804d98dd7929a2cfe467e777983e260de91fe3c746acdb0a8665d160ee2a6d94665
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankersuricatatrojan

© 2018-2024

Terms | Privacy