gozi_ifsb | 4e7f81fa970f3c2ffa70c22d10b2c81efbf7429594719be49b56a0b516503e4b | Triage

Sharing

General

Target

7dc420886e9c1a1e40e34d73ed2faf7c.dll
Size

139KB
Sample

211122-qpjehafefq
MD5

7dc420886e9c1a1e40e34d73ed2faf7c
SHA1

1cf57d47fab52815150a8236e985e7976aba4f75
SHA256

4e7f81fa970f3c2ffa70c22d10b2c81efbf7429594719be49b56a0b516503e4b
SHA512

71ed19f4556c8b87b8a5c9d833404aa1cb531bdabfbd5527760fbe1530d24db8c2eab71c03b1d351878789cb06bdf34e0a95f9b829b2354b9c1a6514a8028b5d

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

build
260216
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  7dc420886e9c1a1e40e34d73ed2faf7c.dll
- Size
  
  139KB
- MD5
  
  7dc420886e9c1a1e40e34d73ed2faf7c
- SHA1
  
  1cf57d47fab52815150a8236e985e7976aba4f75
- SHA256
  
  4e7f81fa970f3c2ffa70c22d10b2c81efbf7429594719be49b56a0b516503e4b
- SHA512
  
  71ed19f4556c8b87b8a5c9d833404aa1cb531bdabfbd5527760fbe1530d24db8c2eab71c03b1d351878789cb06bdf34e0a95f9b829b2354b9c1a6514a8028b5d
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankersuricatatrojan