gozi_ifsb | 7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9 | Triage

Sharing

General

Target

7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
Size

252KB
Sample

220201-f86n2aaad8
MD5

a7cbf4937c36b65d7af6aeb54e8b63f0
SHA1

c1bff59350a7117762e34817f2a0f2edbdec11bf
SHA256

7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
SHA512

296cdb6ef6001a2c9c3d190b70d8a4e1be97ad11e8c0d7ae02730f190989fd0a8d7bdcc73ec06832bf0f75b23c2fc808b7b773a96644d03f46017e49a37c877a

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
217083

Extracted

Family

gozi_ifsb

Botnet

2000

C2

x1.narutik.at/webstore

cdn5.narutik.at/webstore

cd.pranahat.at/webstore

Attributes

build
217083
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
172.104.136.243
8.8.8.8
176.126.70.119
51.15.98.97
193.183.98.66
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
- Size
  
  252KB
- MD5
  
  a7cbf4937c36b65d7af6aeb54e8b63f0
- SHA1
  
  c1bff59350a7117762e34817f2a0f2edbdec11bf
- SHA256
  
  7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
- SHA512
  
  296cdb6ef6001a2c9c3d190b70d8a4e1be97ad11e8c0d7ae02730f190989fd0a8d7bdcc73ec06832bf0f75b23c2fc808b7b773a96644d03f46017e49a37c877a
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2