gozi_ifsb | f7d8d6786f0665412998662ed0fe90bb9cf165caf878d236637a055106eeaf9e | Triage

Sharing

General

Target

0a0b68ae75cac98bb3ebf8cdd35b63cf.dll
Size

118KB
Sample

211130-xelv7sfhhq
MD5

0a0b68ae75cac98bb3ebf8cdd35b63cf
SHA1

535d02eeace5fec8f92594a07d7fc55aec472c47
SHA256

f7d8d6786f0665412998662ed0fe90bb9cf165caf878d236637a055106eeaf9e
SHA512

5060c9559d3d37cb616f3d9fe6367ba8a2fe31ad11f2a342c5e6a7150e52ab4cbd35967e9ede9f8c3ee55030c7239a32f44c3c8d5abc6c0c6072c374645d589e

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

bvolebukoneh.site

karfaganda.com

Attributes

build
260216
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0a0b68ae75cac98bb3ebf8cdd35b63cf.dll
- Size
  
  118KB
- MD5
  
  0a0b68ae75cac98bb3ebf8cdd35b63cf
- SHA1
  
  535d02eeace5fec8f92594a07d7fc55aec472c47
- SHA256
  
  f7d8d6786f0665412998662ed0fe90bb9cf165caf878d236637a055106eeaf9e
- SHA512
  
  5060c9559d3d37cb616f3d9fe6367ba8a2fe31ad11f2a342c5e6a7150e52ab4cbd35967e9ede9f8c3ee55030c7239a32f44c3c8d5abc6c0c6072c374645d589e
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan