gozi_ifsb | aa4d5569f00d3fed84a25b4a1adcf28e55150e01cd5917082fa9569f774b984e | Triage

Sharing

General

Target

aa4d5569f00d3fed84a25b4a1adcf28e55150e01cd5917082fa9569f774b984e.dll
Size

1.7MB
Sample

211215-afl62aged8
MD5

ea96ae41f6dec70ce9f72ae9ef783c52
SHA1

a8782fb8f277df06c3d18aa3ed1eee9280bd096e
SHA256

aa4d5569f00d3fed84a25b4a1adcf28e55150e01cd5917082fa9569f774b984e
SHA512

fb1b90b36da6899c91212c6be582564c496f9fd10443235d7a1da736486f21de7495d30d9eaff4a90465aca7f282602f55cabd1d36c8678115062f2652c549ee

Score

10^/10

gozi_ifsb 8899 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

windows.update3.com

berukoneru.website

gerukoneru.website

fortunarah.com

Attributes

base_path
/tire/
build
260222
dga_season
10
exe_type
loader
extension
.eta
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  aa4d5569f00d3fed84a25b4a1adcf28e55150e01cd5917082fa9569f774b984e.dll
- Size
  
  1.7MB
- MD5
  
  ea96ae41f6dec70ce9f72ae9ef783c52
- SHA1
  
  a8782fb8f277df06c3d18aa3ed1eee9280bd096e
- SHA256
  
  aa4d5569f00d3fed84a25b4a1adcf28e55150e01cd5917082fa9569f774b984e
- SHA512
  
  fb1b90b36da6899c91212c6be582564c496f9fd10443235d7a1da736486f21de7495d30d9eaff4a90465aca7f282602f55cabd1d36c8678115062f2652c549ee
Score

10^/10

gozi_ifsb 8899 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankertrojan