Malware Analysis Report

2025-06-16 04:55

Sample ID: 220615-akdepabhdl
Target:    2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59
SHA256:    2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59
Tags:      gozi_ifsb, 3199, banker, trojan
Score:     10/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score:  10/10
SHA256: 2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59

Threat Level: Known bad

The file 2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59 was found to be: Known bad.

Malicious Activity Summary

Family: Gozi, Gozi IFSB
Tags:   gozi_ifsb, 3199, banker, trojan

MITRE ATT&CK

N/A (the sandbox mapped no ATT&CK techniques for this sample; the verdict rests on the family signature alone)

Analysis: static1

Detonation Overview

Reported: 2022-06-15 00:15

Signatures

N/A (no static signatures fired)

Analysis: behavioral2

Detonation Overview

Submitted:        2022-06-15 00:15
Reported:         2022-06-15 02:35
Platform:         win10v2004-20220414-en
Max time kernel:  31s
Max time network: 38s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59.exe"

Signatures

Gozi, Gozi IFSB

banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59.exe

"C:\Users\Admin\AppData\Local\Temp\2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59.exe"

Network

Country  Destination          Domain  Proto
US       8.253.208.112:80     (none)  tcp
US       8.253.208.112:80     (none)  tcp
US       52.168.117.170:443   (none)  tcp

No domain was recorded for any of the three connections, so these IP addresses on their own are weak indicators; corroborate them against other sources before treating them as Gozi C2. The win7 run (behavioral1) recorded no network activity at all.

Files

Memory dumps taken from PID 3768 (sizes computed from the address ranges in the artifact names):

memory/3768-130-0x0000000000D10000-0x0000000000D1F000-memory.dmp   (0xF000  = 60 KiB)
memory/3768-131-0x0000000000D10000-0x0000000000D78000-memory.dmp   (0x68000 = 416 KiB, same base as dump 130)
memory/3768-132-0x0000000000DC0000-0x0000000000DDB000-memory.dmp   (0x1B000 = 108 KiB)

Analysis: behavioral1

Detonation Overview

Submitted:        2022-06-15 00:15
Reported:         2022-06-15 02:35
Platform:         win7-20220414-en
Max time kernel:  28s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59.exe"

Signatures

Gozi, Gozi IFSB

banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59.exe

"C:\Users\Admin\AppData\Local\Temp\2bfd88ce4c1cef403f78823d9b95d7ddc3c0eb1c82b56d961eccce026f5d5e59.exe"

Network

N/A

Files

Memory dumps taken from PID 1784, listed by dump index (sizes computed from the address ranges in the artifact names):

memory/1784-54-0x0000000074C81000-0x0000000074C83000-memory.dmp   (0x2000  = 8 KiB)
memory/1784-55-0x0000000001200000-0x000000000120F000-memory.dmp   (0xF000  = 60 KiB)
memory/1784-56-0x0000000001200000-0x0000000001268000-memory.dmp   (0x68000 = 416 KiB, same base as dump 55)
memory/1784-57-0x00000000002F0000-0x000000000030B000-memory.dmp   (0x1B000 = 108 KiB)

The 60 KiB, 416 KiB and 108 KiB regions match the three regions dumped in the win10 run (behavioral2) exactly, at different base addresses.
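The Files sections of both behavioral runs list raw dump artifacts only. The following Python is an added example, not part of the sandbox report or its tooling: it parses those artifact names, orders them by dump index (the win7 list on the page is out of order), flags dumps whose address ranges overlap within one run, and reports which region sizes recur in every run. The name layout memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is inferred from the names as printed and is assumed stable; the DUMPS dictionary is copied from the page.

```python
import re
from itertools import combinations

# Memory-dump artifact names copied from the two behavioral detonations in the report.
DUMPS = {
    "behavioral2 (win10v2004-20220414-en)": [
        "memory/3768-130-0x0000000000D10000-0x0000000000D1F000-memory.dmp",
        "memory/3768-131-0x0000000000D10000-0x0000000000D78000-memory.dmp",
        "memory/3768-132-0x0000000000DC0000-0x0000000000DDB000-memory.dmp",
    ],
    "behavioral1 (win7-20220414-en)": [
        "memory/1784-54-0x0000000074C81000-0x0000000074C83000-memory.dmp",
        "memory/1784-56-0x0000000001200000-0x0000000001268000-memory.dmp",
        "memory/1784-55-0x0000000001200000-0x000000000120F000-memory.dmp",
        "memory/1784-57-0x00000000002F0000-0x000000000030B000-memory.dmp",
    ],
}

# Assumed layout, inferred from the names above (the report does not document it):
#   memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return pid, dump index, start, end and size for one artifact name."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {
        "pid": int(m["pid"]),
        "idx": int(m["idx"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def regions(names):
    """Parse one run's dump names, ordered by dump index."""
    return sorted((parse_dump_name(n) for n in names), key=lambda r: r["idx"])


def overlapping_pairs(regs):
    """Dump-index pairs whose address ranges intersect, i.e. the same memory
    was dumped more than once (typically before and after unpacking)."""
    return [
        (a["idx"], b["idx"])
        for a, b in combinations(regs, 2)
        if a["start"] < b["end"] and b["start"] < a["end"]
    ]


def common_sizes(dumps):
    """Region sizes present in every detonation. Equal sizes at different bases
    on different platforms suggest the same unpacked code was captured each time."""
    per_run = [{r["size"] for r in regions(names)} for names in dumps.values()]
    return set.intersection(*per_run)


def summarise(dumps):
    for run, names in dumps.items():
        regs = regions(names)
        print(run)
        for r in regs:
            print(f"  pid {r['pid']} dump {r['idx']}: "
                  f"0x{r['start']:X}-0x{r['end']:X} ({r['size'] // 1024} KiB)")
        print(f"  overlapping dumps: {overlapping_pairs(regs)}")
    print("sizes seen in every run:",
          sorted(f"0x{s:X}" for s in common_sizes(dumps)))


if __name__ == "__main__":
    summarise(DUMPS)
```

Run it and the three sizes 0xF000, 0x68000 and 0x1B000 come out as common to both platforms, with dumps 130/131 (win10) and 55/56 (win7) overlapping at the same base in each run; a sensible next step is to diff the two 416 KiB dumps, since a region of identical size at an ASLR-relocated base is a good candidate for the unpacked payload.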