gozi_ifsb | 9b8d718f7de61529733c5ee556e089ca281e35e9141060a2b6e5fbac9c574293 | Triage

Sharing

General

Target

9b8d718f7de61529733c5ee556e089ca281e35e9141060a2b6e5fbac9c574293
Size

421KB
Sample

220512-r3514abfen
MD5

dc196388fe348c76c9008531b5e579a9
SHA1

e0eb8ad11f6c896bc3f905f4e885fb1db7883edd
SHA256

9b8d718f7de61529733c5ee556e089ca281e35e9141060a2b6e5fbac9c574293
SHA512

a5d3896c524a642bccd948907f8bc268df041705e0a1e7bff79ece151d4e8744a967b361588c9292a866c8568eddfb3bbaad4bd73aab4cc66840e6487cf842f3

Score

10^/10

gozi_ifsb 2200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

Attributes

build
250155
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  9b8d718f7de61529733c5ee556e089ca281e35e9141060a2b6e5fbac9c574293
- Size
  
  421KB
- MD5
  
  dc196388fe348c76c9008531b5e579a9
- SHA1
  
  e0eb8ad11f6c896bc3f905f4e885fb1db7883edd
- SHA256
  
  9b8d718f7de61529733c5ee556e089ca281e35e9141060a2b6e5fbac9c574293
- SHA512
  
  a5d3896c524a642bccd948907f8bc268df041705e0a1e7bff79ece151d4e8744a967b361588c9292a866c8568eddfb3bbaad4bd73aab4cc66840e6487cf842f3
Score

10^/10

gozi_ifsb 2200 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankertrojan