gozi_ifsb | 3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c | Triage

Submit
Reports

Overview

overview

Static

static

3354522abf...3c.exe

windows7_x64

3354522abf...3c.exe

windows10-2004_x64

3

Sharing

General

Target

3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c
Size

477KB
Sample

220620-db5dlacaeq
MD5

f6162f7578e8ffa56bb77ef2c285a075
SHA1

eedc00b3acf3b31bd28623fa1e892328556661a2
SHA256

3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c
SHA512

c05851bc72c044c53c4e4b6363faa5914b1466c4302a1d7e7881578c9e1f755cdb2db4e8e0ecb0153f660a0752286abda941dcba11e810f827c3a56110e8c0a3

Score

10^/10

gozi_ifsb banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c.exe

Resource

win7-20220414-en

gozi_ifsb banker persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214963

Targets

- Target
  
  3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c
- Size
  
  477KB
- MD5
  
  f6162f7578e8ffa56bb77ef2c285a075
- SHA1
  
  eedc00b3acf3b31bd28623fa1e892328556661a2
- SHA256
  
  3354522abf0ba5c25fd93ef52cde13557584d6f2264daafc169c5f37ba08013c
- SHA512
  
  c05851bc72c044c53c4e4b6363faa5914b1466c4302a1d7e7881578c9e1f755cdb2db4e8e0ecb0153f660a0752286abda941dcba11e810f827c3a56110e8c0a3
Score

10^/10

gozi_ifsb banker persistence trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy