gozi_ifsb | 23af05e453111d0351229d775dadc076480029fd755616cbd0ac4618dc66772b | Triage

Sharing

General

Target

23af05e453111d0351229d775dadc076480029fd755616cbd0ac4618dc66772b
Size

390KB
Sample

220612-a3eepsbde7
MD5

225ffd144298eb3f220b3847392eedef
SHA1

8adc33c2e0c51d32ec16bd2b6c782bd97a0a9f7d
SHA256

23af05e453111d0351229d775dadc076480029fd755616cbd0ac4618dc66772b
SHA512

92f55d1683c3840a194749dfb2cf81412f3b694d3285b1b08012b745e80662a159f4360a88fb12664abc0da26f08216ab44daa34f72bf0eedcd2df80d9219236

Score

10^/10

gozi_ifsb banker trojan

Malware Config

Targets

- Target
  
  23af05e453111d0351229d775dadc076480029fd755616cbd0ac4618dc66772b
- Size
  
  390KB
- MD5
  
  225ffd144298eb3f220b3847392eedef
- SHA1
  
  8adc33c2e0c51d32ec16bd2b6c782bd97a0a9f7d
- SHA256
  
  23af05e453111d0351229d775dadc076480029fd755616cbd0ac4618dc66772b
- SHA512
  
  92f55d1683c3840a194749dfb2cf81412f3b694d3285b1b08012b745e80662a159f4360a88fb12664abc0da26f08216ab44daa34f72bf0eedcd2df80d9219236
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan