gozi_ifsb | 3fff4baf83e75e39c51a2484ca04763852b6d6bf0a24ecb341e65dd2724711a0 | Triage

Sharing

General

Target

f685cc7a35c18f8948dfad741d830871
Size

1.7MB
Sample

211214-xflxlagcb3
MD5

f685cc7a35c18f8948dfad741d830871
SHA1

34d9e559ee878fc1f7a20ce073a902a81568f67f
SHA256

3fff4baf83e75e39c51a2484ca04763852b6d6bf0a24ecb341e65dd2724711a0
SHA512

05b36ebb61cece1881bbe8cb35efcf38d98f2dc8aec71a3e0d262aaeca6466d36637f10ce8409829231bfce356793b8eb27d3c792f9f2283cef19cfce68274d8

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

windows.update3.com

berukoneru.website

gerukoneru.website

fortunarah.com

Attributes

base_path
/tire/
build
260222
dga_season
10
exe_type
loader
extension
.eta
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  f685cc7a35c18f8948dfad741d830871
- Size
  
  1.7MB
- MD5
  
  f685cc7a35c18f8948dfad741d830871
- SHA1
  
  34d9e559ee878fc1f7a20ce073a902a81568f67f
- SHA256
  
  3fff4baf83e75e39c51a2484ca04763852b6d6bf0a24ecb341e65dd2724711a0
- SHA512
  
  05b36ebb61cece1881bbe8cb35efcf38d98f2dc8aec71a3e0d262aaeca6466d36637f10ce8409829231bfce356793b8eb27d3c792f9f2283cef19cfce68274d8
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan