gozi_ifsb | 1903054965db85227c9324e88928a00e36890de4e0dec8961abf68520b48e3f3 | Triage

Sharing

General

Target

1903054965db85227c9324e88928a00e36890de4e0dec8961abf68520b48e3f3
Size

221KB
Sample

220608-sralgsdcbj
MD5

616cbb4e11a548edd591c2616e6f013f
SHA1

f44f8aff3f97f40f245e66cb3567b86d4a54233b
SHA256

1903054965db85227c9324e88928a00e36890de4e0dec8961abf68520b48e3f3
SHA512

b8d4be20f1966d95647c7e210c3f980f1672625df24f097e9b139071ed42ec6ac02dc1f33ac96f0b65d159821a5353b839d2d9522c6f85b2aa51b655adb0256f

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2000

C2

x1.narutik.at/webstore

cdn5.narutik.at/webstore

cd.pranahat.at/webstore

Attributes

build
217083
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
172.104.136.243
8.8.8.8
176.126.70.119
51.15.98.97
193.183.98.66
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  1903054965db85227c9324e88928a00e36890de4e0dec8961abf68520b48e3f3
- Size
  
  221KB
- MD5
  
  616cbb4e11a548edd591c2616e6f013f
- SHA1
  
  f44f8aff3f97f40f245e66cb3567b86d4a54233b
- SHA256
  
  1903054965db85227c9324e88928a00e36890de4e0dec8961abf68520b48e3f3
- SHA512
  
  b8d4be20f1966d95647c7e210c3f980f1672625df24f097e9b139071ed42ec6ac02dc1f33ac96f0b65d159821a5353b839d2d9522c6f85b2aa51b655adb0256f
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2

gozi_ifsb2000bankertrojan