gozi_ifsb | bce328beb9ae78ec279dc17bf701d58cb1cfa12ff570b00c78c0ada6893c80cf | Triage

Sharing

General

Target

b39e97bde83db04c795d18b8f67e19ea.dll
Size

133KB
Sample

211122-p1r1cafebk
MD5

b39e97bde83db04c795d18b8f67e19ea
SHA1

d790b9fc4b6e37035357f1bcf3948b66c6931f15
SHA256

bce328beb9ae78ec279dc17bf701d58cb1cfa12ff570b00c78c0ada6893c80cf
SHA512

23839fbd59a5cefe9092e210a8abec08999f51a033f0ee44e6e008a4e6bf74b91eb6498b6ab756cc2bda242149c3a382a7cd0ad0d7c783ec3f48f7c95128fc54

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

build
260216
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  b39e97bde83db04c795d18b8f67e19ea.dll
- Size
  
  133KB
- MD5
  
  b39e97bde83db04c795d18b8f67e19ea
- SHA1
  
  d790b9fc4b6e37035357f1bcf3948b66c6931f15
- SHA256
  
  bce328beb9ae78ec279dc17bf701d58cb1cfa12ff570b00c78c0ada6893c80cf
- SHA512
  
  23839fbd59a5cefe9092e210a8abec08999f51a033f0ee44e6e008a4e6bf74b91eb6498b6ab756cc2bda242149c3a382a7cd0ad0d7c783ec3f48f7c95128fc54
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankersuricatatrojan