gozi_ifsb | b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9 | Triage

Resubmissions

09-12-2021 17:58

211209-wj5nfaeedr 10

22-11-2021 16:33

211122-t2z5kagadm 3

Sharing

General

Target

6.bin
Size

119KB
Sample

211209-wj5nfaeedr
MD5

9ed64dfc08c0f369e5543ef133a22fb2
SHA1

5732a16dffde291d8125120477133ee36cfd93e4
SHA256

b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9
SHA512

e2fe5b228a0623bd32953b183f1dac74ee5c016ded7686b167d2054c53cffbd2e0c3dc4ef5e2cf0e802e4565c17c3ab2cd06eaf27f24605011bad206472c8643

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

base_path
/glik/
build
260216
dga_season
10
exe_type
loader
extension
.lwe
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6.bin
- Size
  
  119KB
- MD5
  
  9ed64dfc08c0f369e5543ef133a22fb2
- SHA1
  
  5732a16dffde291d8125120477133ee36cfd93e4
- SHA256
  
  b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9
- SHA512
  
  e2fe5b228a0623bd32953b183f1dac74ee5c016ded7686b167d2054c53cffbd2e0c3dc4ef5e2cf0e802e4565c17c3ab2cd06eaf27f24605011bad206472c8643
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2