gozi_ifsb | ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c | Triage

Sharing

General

Target

ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c
Size

213KB
Sample

220516-p2sm9scbe3
MD5

8a77c85863b761ba90af4b78d3d01ceb
SHA1

bea36e75b477db2544d14b093e4f60847a9df2da
SHA256

ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c
SHA512

6bbb553a8005b58ef1e91addb8c557f5f5e23d495f8fbcfc1982f26ae385a9f870272b3fe77ac86c268300db758cab903882791d5730d4d2828902cc4213a248

Score

10^/10

gozi_ifsb 2200 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

Attributes

build
250155
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c
- Size
  
  213KB
- MD5
  
  8a77c85863b761ba90af4b78d3d01ceb
- SHA1
  
  bea36e75b477db2544d14b093e4f60847a9df2da
- SHA256
  
  ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c
- SHA512
  
  6bbb553a8005b58ef1e91addb8c557f5f5e23d495f8fbcfc1982f26ae385a9f870272b3fe77ac86c268300db758cab903882791d5730d4d2828902cc4213a248
Score

10^/10

gozi_ifsb 2200 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb2200bankertrojan

behavioral2

gozi_ifsb2200bankersuricatatrojan