gozi_ifsb | 1be687a0453f23ea53b94a4447c926a9b4b6e01c2788e641b76eb4a5215bd960 | Triage

Sharing

General

Target

5aa733e108f0fa41df88cea0a309affe.dll
Size

701KB
Sample

211011-rprasahea5
MD5

5aa733e108f0fa41df88cea0a309affe
SHA1

ce79918ca7845f2163360ea40a251912998ea226
SHA256

1be687a0453f23ea53b94a4447c926a9b4b6e01c2788e641b76eb4a5215bd960
SHA512

e18ef98a6bb007ee0ef473cd05bad85ac2f177d316981658e17a12f182effbcc98754fbefc362a4212a8eebcc71fc2e2a15c865b08c50f5990223bcb55d001af

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

breuranel.website

outlook.com/signup

areuranel.website

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  5aa733e108f0fa41df88cea0a309affe.dll
- Size
  
  701KB
- MD5
  
  5aa733e108f0fa41df88cea0a309affe
- SHA1
  
  ce79918ca7845f2163360ea40a251912998ea226
- SHA256
  
  1be687a0453f23ea53b94a4447c926a9b4b6e01c2788e641b76eb4a5215bd960
- SHA512
  
  e18ef98a6bb007ee0ef473cd05bad85ac2f177d316981658e17a12f182effbcc98754fbefc362a4212a8eebcc71fc2e2a15c865b08c50f5990223bcb55d001af
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan