gozi_ifsb | a4ce38a54fe2038ab9de5292b4ec63f1c76562803206b8e2149df3bb21207fcc | Triage

Sharing

General

Target

a4ce38a54fe2038ab9de5292b4ec63f1c76562803206b8e2149df3bb21207fcc
Size

198KB
Sample

220520-rab8bafca3
MD5

c87ef7d40d7206bab31cca95d067a643
SHA1

1d4d8be48465cbd897a2277703a0ab77f5ab0752
SHA256

a4ce38a54fe2038ab9de5292b4ec63f1c76562803206b8e2149df3bb21207fcc
SHA512

2485838e8dfa84b97868a969c98945ce2c0b60c47a0ea40e30e598fcdbd80d178c59ceb5b4be0054d5b4c3e2f3ae0e012978c69df7e7beb227973c52e7b578d0

Score

10^/10

gozi_ifsb 3300 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3300

C2

cdn.arsis.at/api1

Attributes

build
250152
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  wellwisher.vcf
- Size
  
  286KB
- MD5
  
  4549708f2a9c381890a5558b2036bc49
- SHA1
  
  62309679b02f05d42bc05cf6c1f522e4837f4f04
- SHA256
  
  ae618e94c64b10307de3193efe693ba4cf0ea371a662038f705ba00779ad4f40
- SHA512
  
  11e0453fef0e061b93f6f7f9f2e956dbef5ff09781da602387e31fcab52b477b2827b07f528551fefbc7dd65b6ca8294f24c7751a5bdf58f341aa05ad78aef8c
Score

10^/10

gozi_ifsb 3300 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb3300bankertrojan

behavioral2

gozi_ifsb3300bankertrojan