gozi_ifsb | 9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e | Triage

Resubmissions

06-12-2021 10:53

211206-my8tzagfh4 10

28-07-2021 08:22

210728-8lskcpfdj6 10

Sharing

General

Target

6101135878f66.dll
Size

543KB
Sample

211206-my8tzagfh4
MD5

0d68d238d713f63ff02be916ae633466
SHA1

46958a4143c337f8406b0c785d434c8892e902e8
SHA256

9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e
SHA512

502daafc9ba908cf8b682e2496be0785c7ccf035e8876df2b31b97dd43a5f79e50505afa63cd60be1df89003ae774d071777433cfc2b14359e581175b290ef33

Score

10^/10

gozi_ifsb 8877 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

zaluoa.live

daskdjknefjkewfnkjwe.net

Attributes

base_path
/jkloop/
build
250207
dga_season
10
exe_type
loader
extension
.kre
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6101135878f66.dll
- Size
  
  543KB
- MD5
  
  0d68d238d713f63ff02be916ae633466
- SHA1
  
  46958a4143c337f8406b0c785d434c8892e902e8
- SHA256
  
  9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e
- SHA512
  
  502daafc9ba908cf8b682e2496be0785c7ccf035e8876df2b31b97dd43a5f79e50505afa63cd60be1df89003ae774d071777433cfc2b14359e581175b290ef33
Score

10^/10

gozi_ifsb 8877 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8877bankertrojan

behavioral2

gozi_ifsb8877bankertrojan