gozi_ifsb | 750188ca7e0792e8c2c8db030c92403562c31d96ce5b6e23cec0b34fbc6c64ee | Triage

Sharing

General

Target

750188ca7e0792e8c2c8db030c92403562c31d96ce5b6e23cec0b34fbc6c64ee
Size

262KB
Sample

220208-a1qpysbcaq
MD5

421d1fd2f422040139978241de24850c
SHA1

16d3c82e93d6824033f23236f8f6315b1bd82557
SHA256

750188ca7e0792e8c2c8db030c92403562c31d96ce5b6e23cec0b34fbc6c64ee
SHA512

422ad0f248a8f710105f28faa3968738baf01793a956e78710191746d7b1e3a971e34ebb55c4c7c5c518b63918738f0208f36f9e2507514e10dab1c665a68fa1

Score

10^/10

gozi_ifsb 1100 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1100

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  urban.tgz
- Size
  
  405KB
- MD5
  
  8f6c878f21174f803a7879a4aee87b34
- SHA1
  
  9f3bff82262133c9325bdebd282b71b58695906e
- SHA256
  
  86b670d81a26ea394f7c0edebdc93e8f9bd6ce6e0a8d650e32a0fe36c93f0dee
- SHA512
  
  8253513edf2e6f5b4890400aea147fea6f9467a2495f68ea2296e73a41fafbd635d6455336ab1a5a4e31a8059b75ad835aa17c9ba7f1fbbb416a4cc672f1f3d0
Score

10^/10

gozi_ifsb 1100 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1100bankertrojan

behavioral2

gozi_ifsb1100bankertrojan