gozi_ifsb | 450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb | Triage

Sharing

General

Target

cbe2a109ef92af54de51a534980151a7.dll
Size

123KB
Sample

211123-kqfr4scgb9
MD5

cbe2a109ef92af54de51a534980151a7
SHA1

e71ab85a35df851229f87fde059ad35ed167bdbc
SHA256

450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
SHA512

c30e3d42ed63a1327088111cc7ad3baa11149d5a9c9b7778a7561bc67a38c07be01978654128f29486c595441cc13a82ceaf6026ec9b04bbf5e2f1fd01c06020

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

build
260216
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  cbe2a109ef92af54de51a534980151a7.dll
- Size
  
  123KB
- MD5
  
  cbe2a109ef92af54de51a534980151a7
- SHA1
  
  e71ab85a35df851229f87fde059ad35ed167bdbc
- SHA256
  
  450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
- SHA512
  
  c30e3d42ed63a1327088111cc7ad3baa11149d5a9c9b7778a7561bc67a38c07be01978654128f29486c595441cc13a82ceaf6026ec9b04bbf5e2f1fd01c06020
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan