General

  • Target

    11c554a1ed8952b63677542071f87a7349d0d508371e61236c82b3de62ce8845

  • Size

    308KB

  • Sample

    220604-agla5aafd8

  • MD5

    434e2060c3650402e75bfce4b8f6034e

  • SHA1

    0afdf4a1eabd95380e045111fb4f76f170e38ee4

  • SHA256

    11c554a1ed8952b63677542071f87a7349d0d508371e61236c82b3de62ce8845

  • SHA512

    e755ddbb3bd122fc96a6e7dd8e89d58cfceb57922bb8affff4ad7cb834b776b6e9e0cad5be7f6157231b13833f094fe7b1dfa2f1cc79d141d323b97a86e4e979

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1010

C2


Attributes
  • exe_type

    worker

  • server_id

    35

rsa_pubkey.plain
serpent.plain

Targets


    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks