gozi_ifsb | e260986851f2d054fd9833ad516165a2f655fb7a94fae2c10baa6cd0881bfbd2 | Triage

Sharing

General

Target

619b70ad91f7d.tiff
Size

121KB
Sample

211122-mjbwpafcdj
MD5

65c1848557361db4f22649ba842fe348
SHA1

0bfe9c418da335bf7db6e8b6b96ef1755d83eba9
SHA256

e260986851f2d054fd9833ad516165a2f655fb7a94fae2c10baa6cd0881bfbd2
SHA512

19291da788d8e87d5a18c7fb4116070625084095d4c6e32fa879cf6922628a948e6a3682de0fe396f58fc9d0a9cf816805aadaf76457222b3f62769672a83d0a

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

build
260216
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  619b70ad91f7d.tiff
- Size
  
  121KB
- MD5
  
  65c1848557361db4f22649ba842fe348
- SHA1
  
  0bfe9c418da335bf7db6e8b6b96ef1755d83eba9
- SHA256
  
  e260986851f2d054fd9833ad516165a2f655fb7a94fae2c10baa6cd0881bfbd2
- SHA512
  
  19291da788d8e87d5a18c7fb4116070625084095d4c6e32fa879cf6922628a948e6a3682de0fe396f58fc9d0a9cf816805aadaf76457222b3f62769672a83d0a
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankersuricatatrojan