gozi_ifsb | e655f1afb49be062cded5683df9292ff4cd602ad5d6f648dddd8778af13c44e2 | Triage

Sharing

General

Target

e655f1afb49be062cded5683df9292ff4cd602ad5d6f648dddd8778af13c44e2
Size

142KB
Sample

220201-kvxlescdb4
MD5

43e346d3b7f7122ea578e988ee20cc6b
SHA1

62aec92a3b5f2f11da0fe34a4f47fda72d46d4a6
SHA256

e655f1afb49be062cded5683df9292ff4cd602ad5d6f648dddd8778af13c44e2
SHA512

22e08ea29e440c6b6bf5ef50b8b9d07ea550d74444e59a491076b50c1fdc949fb925cc3ed73dd53721bd3180be9cb6a57755431146f15079dd2de79a1e6f4ee5

Score

10^/10

gozi_ifsb 5500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

df1.kamalak.at/wpx

api3.lamanak.at/wpx

Attributes

build
250143
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
120

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  e655f1afb49be062cded5683df9292ff4cd602ad5d6f648dddd8778af13c44e2
- Size
  
  142KB
- MD5
  
  43e346d3b7f7122ea578e988ee20cc6b
- SHA1
  
  62aec92a3b5f2f11da0fe34a4f47fda72d46d4a6
- SHA256
  
  e655f1afb49be062cded5683df9292ff4cd602ad5d6f648dddd8778af13c44e2
- SHA512
  
  22e08ea29e440c6b6bf5ef50b8b9d07ea550d74444e59a491076b50c1fdc949fb925cc3ed73dd53721bd3180be9cb6a57755431146f15079dd2de79a1e6f4ee5
Score

10^/10

gozi_ifsb 5500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb5500bankertrojan

behavioral2