gozi_ifsb | 80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764 | Triage

Submit
Reports

Overview

overview

Static

static

8

80e3a54e37...64.exe

windows10_x64

Resubmissions

21-10-2021 09:41

211021-lntfvsahfn 10

14-11-2020 18:23

201114-kdmqjxwkme 10

Sharing

General

Target

80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
Size

273KB
Sample

211021-lntfvsahfn
MD5

54cd7479c93e54ce8c9784b8b1a0392b
SHA1

c3e15e023c4ae835789b82befbe328ae137417ea
SHA256

80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
SHA512

cea67d7c1094b107a83c607196d9d4d16e0d7d6b7e5cdaa81d83e52422a9194203680d65b44c106c46a8e47dc6251fe292930e9fcc8b757b7d5242383286afbb

Score

10^/10

gozi_ifsb 10003 banker persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764.exe

Resource

win10-en-20210920

gozi_ifsb 10003 banker persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10003

C2

127.0.0.1

Attributes

build
214711
dga_base_url
z1.zedo.com/robots.txt
dga_crc
0xf24ca29e
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
- Size
  
  273KB
- MD5
  
  54cd7479c93e54ce8c9784b8b1a0392b
- SHA1
  
  c3e15e023c4ae835789b82befbe328ae137417ea
- SHA256
  
  80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
- SHA512
  
  cea67d7c1094b107a83c607196d9d4d16e0d7d6b7e5cdaa81d83e52422a9194203680d65b44c106c46a8e47dc6251fe292930e9fcc8b757b7d5242383286afbb
Score

10^/10

gozi_ifsb 10003 banker persistence trojan upx
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb10003bankerpersistencetrojanupx

© 2018-2024

Terms | Privacy