gozi_ifsb | 41c0934ba1be030dbae45893107f6a2ae5f99c79d7634626263cdf809f7556ee | Triage

Sharing

General

Target

616412739e268.dll
Size

701KB
Sample

211011-ml4dqaghel
MD5

9e67e68ddbedba865b91b5469ab642ef
SHA1

f2c7b0735343081be06e48616d0fc14235a28744
SHA256

41c0934ba1be030dbae45893107f6a2ae5f99c79d7634626263cdf809f7556ee
SHA512

802d983ca7ca04ae737da69ed5772eece8f408c6c02c8d0c42cfea1c1abf25236b02c35c09d56f3ba6a229b3b71f72fa3d4c6735c8670c76affdbbc139b63d87

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

breuranel.website

outlook.com/signup

areuranel.website

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  616412739e268.dll
- Size
  
  701KB
- MD5
  
  9e67e68ddbedba865b91b5469ab642ef
- SHA1
  
  f2c7b0735343081be06e48616d0fc14235a28744
- SHA256
  
  41c0934ba1be030dbae45893107f6a2ae5f99c79d7634626263cdf809f7556ee
- SHA512
  
  802d983ca7ca04ae737da69ed5772eece8f408c6c02c8d0c42cfea1c1abf25236b02c35c09d56f3ba6a229b3b71f72fa3d4c6735c8670c76affdbbc139b63d87
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan