gozi_ifsb | 14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622 | Triage

Sharing

General

Target

14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
Size

208KB
Sample

220602-xr7y7safa2
MD5

b6843d8d4e88ed439d5c25658a6261d9
SHA1

cd7fa5e7d6c33cf7ecdf253ee28de668230cd228
SHA256

14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
SHA512

913676ad69f5bb958700b156e8d24844cf3a8a654497ea54e36cc53e63a58a6f8c8da05e94c47e08cd2655de33127cf34771499b4ab4b0ced44e510065186732

Score

10^/10

gozi_ifsb 1111 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1111

C2

http://securemrc.ru

http://securecc.ru

http://roiboypo.ru

Attributes

build
217107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
- Size
  
  208KB
- MD5
  
  b6843d8d4e88ed439d5c25658a6261d9
- SHA1
  
  cd7fa5e7d6c33cf7ecdf253ee28de668230cd228
- SHA256
  
  14a42e5f2dea05a1879fd85db131ce4b3e22f04910f5d07eefe2c704394f9622
- SHA512
  
  913676ad69f5bb958700b156e8d24844cf3a8a654497ea54e36cc53e63a58a6f8c8da05e94c47e08cd2655de33127cf34771499b4ab4b0ced44e510065186732
Score

10^/10

gozi_ifsb 1111 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb1111bankertrojan

behavioral2

gozi_ifsb1111bankertrojan