gozi_ifsb | 79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695 | Triage

Sharing

General

Target

79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695
Size

145KB
Sample

220201-l3bvcscefr
MD5

3170f0ed199177fc13d6a86e7a6b0bb3
SHA1

e79195224a6fbf4bd6a442add27f25029317b08b
SHA256

79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695
SHA512

54f03f11b4d76e6ce3928a70c53942370ca23b8bd2c2d2f92079272a031deafe5187b3e7ef57b45e3374c36b3e9a10a4d3c40bec85bc2f8ada701c58ec0b55a3

Score

10^/10

gozi_ifsb 1071 banker persistence trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1071

C2

127.0.0.1

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695
- Size
  
  145KB
- MD5
  
  3170f0ed199177fc13d6a86e7a6b0bb3
- SHA1
  
  e79195224a6fbf4bd6a442add27f25029317b08b
- SHA256
  
  79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695
- SHA512
  
  54f03f11b4d76e6ce3928a70c53942370ca23b8bd2c2d2f92079272a031deafe5187b3e7ef57b45e3374c36b3e9a10a4d3c40bec85bc2f8ada701c58ec0b55a3
Score

10^/10

gozi_ifsb banker trojan persistence
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankerpersistencetrojan