gozi_ifsb | 351cb11ceac033294120769634d138051668aa6b0277f87a66b5c9b77335722d | Triage

Analysis

max time kernel
52s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
19-06-2022 18:50

Sharing

Report Analysis Logs

General

Target

351cb11ceac033294120769634d138051668aa6b0277f87a66b5c9b77335722d.exe
Size

372KB
MD5

95c105e341a2085c00fad1ef61c6d586
SHA1

43ee1ef1b5220156fdb7eccc2fb9caf708f46ae8
SHA256

351cb11ceac033294120769634d138051668aa6b0277f87a66b5c9b77335722d
SHA512

9c4758c56820eac068c4f43f4f11bd4cbe3e9aba85ebe2214146587953d8591e7267b889c823718145e32b89f6fe4da617352309326be43b4be0165c2a1e2ef5

Score

10^/10

gozi_ifsb 3181 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214062

Extracted

Family

gozi_ifsb

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\351cb11ceac033294120769634d138051668aa6b0277f87a66b5c9b77335722d.exe
"C:\Users\Admin\AppData\Local\Temp\351cb11ceac033294120769634d138051668aa6b0277f87a66b5c9b77335722d.exe"
1⤵
PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2676-131-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2676-130-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2676-132-0x0000000002220000-0x000000000223B000-memory.dmp

Filesize
108KB

Download