gozi_ifsb | 47715e425398283d53019c270311ad0c709f660048d2f884d5116d80b983743f | Triage

Sharing

General

Target

c4c060ec6b1e42d70972d0af66a04e66.dll
Size

701KB
Sample

211011-r7s74ahed7
MD5

c4c060ec6b1e42d70972d0af66a04e66
SHA1

3ef84847fceb31b8814c12c94c57c72a5281d6f5
SHA256

47715e425398283d53019c270311ad0c709f660048d2f884d5116d80b983743f
SHA512

5553d68867af378d347620208b35d4d6261526770cf2a47884f0eff17392cedfa91ab491265717a459b4ccbe43f490a90caaf9289b9f92e8cd63140710e9ca78

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

breuranel.website

outlook.com/signup

areuranel.website

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  c4c060ec6b1e42d70972d0af66a04e66.dll
- Size
  
  701KB
- MD5
  
  c4c060ec6b1e42d70972d0af66a04e66
- SHA1
  
  3ef84847fceb31b8814c12c94c57c72a5281d6f5
- SHA256
  
  47715e425398283d53019c270311ad0c709f660048d2f884d5116d80b983743f
- SHA512
  
  5553d68867af378d347620208b35d4d6261526770cf2a47884f0eff17392cedfa91ab491265717a459b4ccbe43f490a90caaf9289b9f92e8cd63140710e9ca78
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan