Malware Analysis Report

2025-06-16 04:53

Sample ID 220612-zx5gdabga2
Target 1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366
SHA256 1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366
Tags
gozi_ifsb 3140 banker trojan
score
10/10

Analysis Overview

score
10/10

SHA256

1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366

Threat Level: Known bad

The file 1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366 was found to be: Known bad.

Malicious Activity Summary

gozi_ifsb 3140 banker trojan

Gozi, Gozi IFSB

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-06-12 21:06

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-06-12 21:06

Reported

2022-06-13 02:31

Platform

win10v2004-20220414-en

Max time kernel

75s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe"

Signatures

Gozi, Gozi IFSB

banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe

"C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe"

Network

Country  Destination          Domain                          Proto
US       20.189.173.4:443     -                               tcp
US       8.8.8.8:53           226.101.242.52.in-addr.arpa     udp
NL       104.110.191.133:80   -                               tcp

Files

memory/1464-131-0x0000000000620000-0x00000000006A4000-memory.dmp

memory/1464-130-0x0000000000620000-0x000000000062F000-memory.dmp

memory/1464-132-0x00000000011D0000-0x00000000011EB000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-06-12 21:06

Reported

2022-06-13 02:30

Platform

win7-20220414-en

Max time kernel

146s

Max time network

50s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe"

Signatures

Gozi, Gozi IFSB

banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe

"C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe"

Network

N/A

Files

memory/912-54-0x0000000000B10000-0x0000000000B1F000-memory.dmp

memory/912-55-0x0000000000B10000-0x0000000000B94000-memory.dmp

memory/912-56-0x00000000001E0000-0x00000000001FB000-memory.dmp