gozi_ifsb | 53f09461a48f10c95f426cd179106cbe94fba81c498fb7414d6a849470ee777e | Triage

Sharing

General

Target

3b7d8109b37e996e06ae68144f37a73c.exe
Size

1.7MB
Sample

211216-kkwldaccgm
MD5

3b7d8109b37e996e06ae68144f37a73c
SHA1

9ee1957c39834e9ea87cd72d7f09e9f08e1712d3
SHA256

53f09461a48f10c95f426cd179106cbe94fba81c498fb7414d6a849470ee777e
SHA512

549f93153ae0659dfc4876cb5e7dd3b65316fe5293912bcde2828f014039e7528b854db608653296f277be6bcd1b7a725f846fdf9698390baea2b2636a7d19cc

Score

10^/10

gozi_ifsb 8899 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

windows.update3.com

berukoneru.website

gerukoneru.website

fortunarah.com

Attributes

base_path
/tire/
build
260222
dga_season
10
exe_type
loader
extension
.eta
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3b7d8109b37e996e06ae68144f37a73c.exe
- Size
  
  1.7MB
- MD5
  
  3b7d8109b37e996e06ae68144f37a73c
- SHA1
  
  9ee1957c39834e9ea87cd72d7f09e9f08e1712d3
- SHA256
  
  53f09461a48f10c95f426cd179106cbe94fba81c498fb7414d6a849470ee777e
- SHA512
  
  549f93153ae0659dfc4876cb5e7dd3b65316fe5293912bcde2828f014039e7528b854db608653296f277be6bcd1b7a725f846fdf9698390baea2b2636a7d19cc
Score

10^/10

gozi_ifsb 8899 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  suricata
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb8899bankertrojan

behavioral2

gozi_ifsb8899bankersuricatatrojan