gozi_ifsb | 1304822f60f26d982ee578417003549a74a58930c710f877b6a9de593473b271 | Triage

Sharing

General

Target

01926e279514e9f218b61ecb2645f63b0a5790384dba2b188f42d7373c6ebcf4.zip
Size

254KB
Sample

211020-zvyaaaaebk
MD5

c877b3aa47841991acc8ac5a0ff9b2ba
SHA1

846bcefe95da7bc0d9b5c797fe307a1e6f920876
SHA256

1304822f60f26d982ee578417003549a74a58930c710f877b6a9de593473b271
SHA512

796ae76c2ae2f58ed9cb4fcf76b2cb19e55e4770867f627fc4dc93de82968d79396bc403826cfa059a9bb9b26f2fb18924831c04a186f6cd941416d734b38fd6

Score

10^/10

gozi_ifsb 5566 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5566

C2

outlook.com

peajame.com

gderrrpololo.net

Attributes

build
250211
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  01926e279514e9f218b61ecb2645f63b0a5790384dba2b188f42d7373c6ebcf4
- Size
  
  421KB
- MD5
  
  b09c6de3b0f6ec6efbc0b3d02479e09c
- SHA1
  
  8d73b773fb1a3c3aa047da3b79beac5f4f5123d1
- SHA256
  
  01926e279514e9f218b61ecb2645f63b0a5790384dba2b188f42d7373c6ebcf4
- SHA512
  
  cda5536bbb9e8e46b8bc16336ecefb497f9f0ed5ddc80d8ffdb75b609d2c89fe230412c99fc45a30b196176150806b9bbb7abe00b40da833e2fc0193b7525947
Score

10^/10

gozi_ifsb 5566 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5566bankertrojan

behavioral2

gozi_ifsb5566bankertrojan