gozi_ifsb | ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b | Triage

Sharing

General

Target

ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b
Size

352KB
Sample

220625-e1yssaeaen
MD5

f9cc0aea3f4d507684af2a2128c93130
SHA1

55ab8cf1d5d574f50191d97a05bc2d9f59e43eb8
SHA256

ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b
SHA512

94a4912a0fa9e0e4caa0ac618f44074bdc5cb283d8ff8d48acaf73f1144a9094a8818d66ae23dae768d9e4af9cef8eea920e922c1a558366a98610fac3fbd71b

Score

10^/10

gozi_ifsb 3376 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214082

Extracted

Family

gozi_ifsb

Botnet

3376

C2

microsoft.com

update.microsoft.com

avast.com

nrosalynh.xyz

c85yeeamaya.info

haepjp.xyz

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b
- Size
  
  352KB
- MD5
  
  f9cc0aea3f4d507684af2a2128c93130
- SHA1
  
  55ab8cf1d5d574f50191d97a05bc2d9f59e43eb8
- SHA256
  
  ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b
- SHA512
  
  94a4912a0fa9e0e4caa0ac618f44074bdc5cb283d8ff8d48acaf73f1144a9094a8818d66ae23dae768d9e4af9cef8eea920e922c1a558366a98610fac3fbd71b
Score

10^/10

gozi_ifsb 3376 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3376bankertrojan

behavioral2

gozi_ifsb3376bankertrojan