gozi_ifsb | 93ba5e117699976d0df8512ca37262af3dbb68897fc50167bacef1930c64816f | Triage

Sharing

General

Target

00000001.dll
Size

492KB
Sample

220323-t7qs3sdebm
MD5

84fd8b680be80ace7562c2a1f2547e96
SHA1

2528e75c0867dd07259b2fc42f0850d259eed418
SHA256

93ba5e117699976d0df8512ca37262af3dbb68897fc50167bacef1930c64816f
SHA512

e30ac5739174b6c1dba146e600fc2454b4fc89362ae953d14f26c9b77d90f117d89adb44c6af0f82c9b8f68874f5885316ee9993b1fdd08585210ce47f3353c4

Score

10^/10

gozi_ifsb 6000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  00000001.dll
- Size
  
  492KB
- MD5
  
  84fd8b680be80ace7562c2a1f2547e96
- SHA1
  
  2528e75c0867dd07259b2fc42f0850d259eed418
- SHA256
  
  93ba5e117699976d0df8512ca37262af3dbb68897fc50167bacef1930c64816f
- SHA512
  
  e30ac5739174b6c1dba146e600fc2454b4fc89362ae953d14f26c9b77d90f117d89adb44c6af0f82c9b8f68874f5885316ee9993b1fdd08585210ce47f3353c4
Score

10^/10

gozi_ifsb 6000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb6000bankertrojan