gozi_ifsb | 0425e108d2f7134e8cfc0be2042b2c517b0202b9114d339ab607d08ad20719ba | Triage

Sharing

General

Target

0425e108d2f7134e8cfc0be2042b2c517b0202b9114d339ab607d08ad20719ba
Size

215KB
Sample

220527-1x73yaacgp
MD5

2e0e40c9dddc80de6f6187a8ab3e5f8c
SHA1

bf819e40f3608610b3dae2a11ef9e7ad93c11bb2
SHA256

0425e108d2f7134e8cfc0be2042b2c517b0202b9114d339ab607d08ad20719ba
SHA512

ad0d1f26137854432654d62cf7b916202d84fe7ea8c059b37514027cb89f72e6498f4b9ea98ecac59ccf3619eb1b4a954c1cc83d0a9e7e78c7f7d3af1ac17979

Score

10^/10

gozi_ifsb 3153 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
215165

Extracted

Family

gozi_ifsb

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0425e108d2f7134e8cfc0be2042b2c517b0202b9114d339ab607d08ad20719ba
- Size
  
  215KB
- MD5
  
  2e0e40c9dddc80de6f6187a8ab3e5f8c
- SHA1
  
  bf819e40f3608610b3dae2a11ef9e7ad93c11bb2
- SHA256
  
  0425e108d2f7134e8cfc0be2042b2c517b0202b9114d339ab607d08ad20719ba
- SHA512
  
  ad0d1f26137854432654d62cf7b916202d84fe7ea8c059b37514027cb89f72e6498f4b9ea98ecac59ccf3619eb1b4a954c1cc83d0a9e7e78c7f7d3af1ac17979
Score

10^/10

gozi_ifsb 3153 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3153bankertrojan

behavioral2

gozi_ifsb3153bankertrojan