gozi_ifsb | 14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549 | Triage

Submit
Reports

Overview

overview

Static

static

14c677290e...49.exe

windows7_x64

14c677290e...49.exe

windows10-2004_x64

3

Sharing

General

Target

14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549
Size

507KB
Sample

220602-wvdn4ahgh2
MD5

acae0628b7df86f2257e76c064adc63c
SHA1

0ad10d85a70187745849d38551e6cb197f067d19
SHA256

14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549
SHA512

a81035177ebded54a1b54061f84da06fe42ee56fb2f07e0a1c7cc39eb109b83c1ef196034bba743b1eca47e7a6b78866327f5f3c5fbfd93c084735c7d8332027

Score

10^/10

gozi_ifsb banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549.exe

Resource

win7-20220414-en

gozi_ifsb banker persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214963

Targets

- Target
  
  14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549
- Size
  
  507KB
- MD5
  
  acae0628b7df86f2257e76c064adc63c
- SHA1
  
  0ad10d85a70187745849d38551e6cb197f067d19
- SHA256
  
  14c677290ebe1bf2be247eb076e2a702d1bc713d6ae249b1f00c78762c8b6549
- SHA512
  
  a81035177ebded54a1b54061f84da06fe42ee56fb2f07e0a1c7cc39eb109b83c1ef196034bba743b1eca47e7a6b78866327f5f3c5fbfd93c084735c7d8332027
Score

10^/10

gozi_ifsb banker persistence trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy