gozi_ifsb | 78444f56abea676f6480b29dbe9b4f18fcebf531451e97d999f30d0921acb8a4 | Triage

Sharing

General

Target

6178b05e7e505.tar.exe
Size

467KB
Sample

211027-cbr8laaeb9
MD5

00dcc037401e2932fcedab2ef1b1755c
SHA1

a8fec366e26428590e45b7e6d6ea7d19c1496d70
SHA256

78444f56abea676f6480b29dbe9b4f18fcebf531451e97d999f30d0921acb8a4
SHA512

2df7b0fbfc50374935ff584e392481aedc93fb374727fd7841b85431b4cf9da003298f5d758cb31f9fd69e1c555379b3567e2b7fbf4faaf3dc7dac0629d92031

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

realitystorys.com

outlook.com/signup

gderrrpololo.net

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6178b05e7e505.tar.exe
- Size
  
  467KB
- MD5
  
  00dcc037401e2932fcedab2ef1b1755c
- SHA1
  
  a8fec366e26428590e45b7e6d6ea7d19c1496d70
- SHA256
  
  78444f56abea676f6480b29dbe9b4f18fcebf531451e97d999f30d0921acb8a4
- SHA512
  
  2df7b0fbfc50374935ff584e392481aedc93fb374727fd7841b85431b4cf9da003298f5d758cb31f9fd69e1c555379b3567e2b7fbf4faaf3dc7dac0629d92031
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan