gozi_ifsb | 9ef7ed2350cf20e7180d5cf9a2e0cf9a8a9298aa472ad50190a9e61689d769b9 | Triage

Sharing

General

Target

d1c464402d432fe5c664c78ebaaed208.dll
Size

122KB
Sample

211122-qp589saeg4
MD5

d1c464402d432fe5c664c78ebaaed208
SHA1

c515b9649533481c2a189897ac22d5b7b74432b9
SHA256

9ef7ed2350cf20e7180d5cf9a2e0cf9a8a9298aa472ad50190a9e61689d769b9
SHA512

3b3e5675a7d24400718386393bb42d35d5dd3fc9b3fb86456971c621b2146baa8384434ca27f50c1e1fff4ffd4d4124c8b922d74e4fcd51243b989eaa3764b62

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

build
260216
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  d1c464402d432fe5c664c78ebaaed208.dll
- Size
  
  122KB
- MD5
  
  d1c464402d432fe5c664c78ebaaed208
- SHA1
  
  c515b9649533481c2a189897ac22d5b7b74432b9
- SHA256
  
  9ef7ed2350cf20e7180d5cf9a2e0cf9a8a9298aa472ad50190a9e61689d769b9
- SHA512
  
  3b3e5675a7d24400718386393bb42d35d5dd3fc9b3fb86456971c621b2146baa8384434ca27f50c1e1fff4ffd4d4124c8b922d74e4fcd51243b989eaa3764b62
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan