gozi_ifsb | d332ff1e7387b8b4bd81740198bef987b313fea98fc337c3961d3016e4f186ea | Triage

Sharing

General

Target

6177d99838cea.tar
Size

460KB
Sample

211026-mm272shbg2
MD5

81163259832ea85f7e997e4697bf2bd1
SHA1

3735e357bc81fd825fab5c4e477749766aa8e1b8
SHA256

d332ff1e7387b8b4bd81740198bef987b313fea98fc337c3961d3016e4f186ea
SHA512

99d92a263d1ff9be203dea28862f017b8e9e22cce161ff25d7536f09d3968d0346ace08f6776af829ed92b60eb9600bf6f0df4686661562c5afe48cb9018fbf6

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

http://microsoft.com.login/

https://premiumweare.com

https://gloverunomai.com

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6177d99838cea.tar
- Size
  
  460KB
- MD5
  
  81163259832ea85f7e997e4697bf2bd1
- SHA1
  
  3735e357bc81fd825fab5c4e477749766aa8e1b8
- SHA256
  
  d332ff1e7387b8b4bd81740198bef987b313fea98fc337c3961d3016e4f186ea
- SHA512
  
  99d92a263d1ff9be203dea28862f017b8e9e22cce161ff25d7536f09d3968d0346ace08f6776af829ed92b60eb9600bf6f0df4686661562c5afe48cb9018fbf6
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan