gozi_ifsb | 1d00f2eb04db8c8ab8c30c80436566e18a2e91bafff92e285e60432bfed30ca9 | Triage

Sharing

General

Target

1d00f2eb04db8c8ab8c30c80436566e18a2e91bafff92e285e60432bfed30ca9
Size

372KB
Sample

220607-fqwq4sedar
MD5

ca29c3628806df07b94afb0e085ddd5e
SHA1

6c82365e6f9014913905098df48e1e470cbf5837
SHA256

1d00f2eb04db8c8ab8c30c80436566e18a2e91bafff92e285e60432bfed30ca9
SHA512

3aac116d7a804551a4d1b0254813bcce73ac74747a92cf69f780bdf976101b8c57dde71a9814b224a7a0cd71347db7854743b94aedd79e7c3cae541c57881d07

Score

10^/10

gozi_ifsb 3181 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214062

Extracted

Family

gozi_ifsb

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  1d00f2eb04db8c8ab8c30c80436566e18a2e91bafff92e285e60432bfed30ca9
- Size
  
  372KB
- MD5
  
  ca29c3628806df07b94afb0e085ddd5e
- SHA1
  
  6c82365e6f9014913905098df48e1e470cbf5837
- SHA256
  
  1d00f2eb04db8c8ab8c30c80436566e18a2e91bafff92e285e60432bfed30ca9
- SHA512
  
  3aac116d7a804551a4d1b0254813bcce73ac74747a92cf69f780bdf976101b8c57dde71a9814b224a7a0cd71347db7854743b94aedd79e7c3cae541c57881d07
Score

10^/10

gozi_ifsb 3181 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3181bankertrojan

behavioral2

gozi_ifsb3181bankertrojan