gozi_ifsb | 01af206fca4a4ba6f152572a44f69408712547b59b77378011c52af1c966baa9 | Triage

Sharing

General

Target

01af206fca4a4ba6f152572a44f69408712547b59b77378011c52af1c966baa9
Size

352KB
Sample

220523-w47zaseber
MD5

745fdb980a4dfc4c29f69baafadfba11
SHA1

3a6fd279deeb22de46134a1c50ce8a8b2bc7eabb
SHA256

01af206fca4a4ba6f152572a44f69408712547b59b77378011c52af1c966baa9
SHA512

e626616614d13649f3149bc1d1c14b7a78dca724e8df2ad96d9b203114c8de97543042f13c796bb7315cc4041e59b8059bbec15258aca0a08874699658b5a243

Score

10^/10

gozi_ifsb 3376 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214082

Extracted

Family

gozi_ifsb

Botnet

3376

C2

microsoft.com

update.microsoft.com

avast.com

nrosalynh.xyz

c85yeeamaya.info

haepjp.xyz

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  01af206fca4a4ba6f152572a44f69408712547b59b77378011c52af1c966baa9
- Size
  
  352KB
- MD5
  
  745fdb980a4dfc4c29f69baafadfba11
- SHA1
  
  3a6fd279deeb22de46134a1c50ce8a8b2bc7eabb
- SHA256
  
  01af206fca4a4ba6f152572a44f69408712547b59b77378011c52af1c966baa9
- SHA512
  
  e626616614d13649f3149bc1d1c14b7a78dca724e8df2ad96d9b203114c8de97543042f13c796bb7315cc4041e59b8059bbec15258aca0a08874699658b5a243
Score

10^/10

gozi_ifsb banker trojan 3376
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsb3376bankertrojan