gozi_ifsb | c738d81cf3323d67d0e8bcca4df251c4f10a446d3f326e59adc29ed97d2c20b8 | Triage

Sharing

General

Target

c738d81cf3323d67d0e8bcca4df251c4f10a446d3f326e59adc29ed97d2c20b8
Size

104KB
Sample

220206-1mqqxacbhl
MD5

16960888be49bf8a5cc08bfa801a93eb
SHA1

eabf667642cc21d263496f806bb4de5ee86dc90a
SHA256

c738d81cf3323d67d0e8bcca4df251c4f10a446d3f326e59adc29ed97d2c20b8
SHA512

491da78e9d772714d251de8e271155838560412a195365ab3b5d5113cfdea7777f83f9c72010ce2b7a29599c45ddabd4ebf6d26e900061a6219851d718cc3359

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  gunky.odp
- Size
  
  33B
- MD5
  
  4a455289420e873a304701f64709ee06
- SHA1
  
  e59ec8c5c26ddf855696b4a730382e70f1a767e5
- SHA256
  
  00e7fa423d51b6d53f30074503c824e372bd04b03938828c5471012facba9c1e
- SHA512
  
  4a754e5a0e9002efa4b9275bf9aa276b12e551be199701fa90b29406a31b0b554ed3a390583c27335719612e88eb2a8d3d832a0f3129dfd9832f6afea660b16c
Score

4^/10
behavioral1 behavioral2
- Target
  
  trainmen.rtf
- Size
  
  160KB
- MD5
  
  24433fe5aed50417b17663e46bacf92c
- SHA1
  
  6ff9b5c8ff0fc10f3bcce07c4f4fda2eaa351188
- SHA256
  
  263be47f602b2156c9282afdd6a0f1fe9bb9022cef2eb0a821e8d8153d3a8d06
- SHA512
  
  c833a0e82e83e663eb362e7c18ae737d5750df2f1ad55ba68ba33ab87ed3d181b30bc8672f0a58e60ea25c0067b548e11d90cd8c8b4f566450fec01712900720
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

gozi_ifsb2200bankertrojan

behavioral4

gozi_ifsb2200bankertrojan