gozi_ifsb | c8cbf6b7c7dd4a902c31d1f14f508f6267f50d55bb84c306d6c16b6bf43b4107 | Triage

Sharing

General

Target

6177fc626d11c.dll
Size

467KB
Sample

211026-qax94sheb6
MD5

a04500c9a6a2b7b68297b5de2f340804
SHA1

37830ec36c04565da1d3378ed78c64c65e26699b
SHA256

c8cbf6b7c7dd4a902c31d1f14f508f6267f50d55bb84c306d6c16b6bf43b4107
SHA512

d5d4a2e3cec11033bf9a6c729f6ff47b8a117c7790d5e0d97c93bc06c31710bf3e9fb886df10ac3a347defcd5c73cbade9bd9c65e6520dbd155ed23344ba8227

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

realitystorys.com

outlook.com/signup

gderrrpololo.net

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6177fc626d11c.dll
- Size
  
  467KB
- MD5
  
  a04500c9a6a2b7b68297b5de2f340804
- SHA1
  
  37830ec36c04565da1d3378ed78c64c65e26699b
- SHA256
  
  c8cbf6b7c7dd4a902c31d1f14f508f6267f50d55bb84c306d6c16b6bf43b4107
- SHA512
  
  d5d4a2e3cec11033bf9a6c729f6ff47b8a117c7790d5e0d97c93bc06c31710bf3e9fb886df10ac3a347defcd5c73cbade9bd9c65e6520dbd155ed23344ba8227
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan