gozi_ifsb | ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b | Triage

Analysis

max time kernel
34s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 04:25

Sharing

Report Analysis Logs

General

Target

ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b.exe
Size

352KB
MD5

f9cc0aea3f4d507684af2a2128c93130
SHA1

55ab8cf1d5d574f50191d97a05bc2d9f59e43eb8
SHA256

ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b
SHA512

94a4912a0fa9e0e4caa0ac618f44074bdc5cb283d8ff8d48acaf73f1144a9094a8818d66ae23dae768d9e4af9cef8eea920e922c1a558366a98610fac3fbd71b

Score

10^/10

gozi_ifsb 3376 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214082

Extracted

Family

gozi_ifsb

Botnet

3376

C2

microsoft.com

update.microsoft.com

avast.com

nrosalynh.xyz

c85yeeamaya.info

haepjp.xyz

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b.exe
"C:\Users\Admin\AppData\Local\Temp\ee684eceb03c0b79a7a0044d7d49213fc6ea1660287bd31faa48e14f8f8a364b.exe"
1⤵
PID:4236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4236-130-0x0000000000850000-0x00000000008B4000-memory.dmp

Filesize
400KB

Download
memory/4236-132-0x0000000000850000-0x00000000008B4000-memory.dmp

Filesize
400KB

Download
memory/4236-131-0x0000000000850000-0x000000000085E000-memory.dmp

Filesize
56KB

Download
memory/4236-133-0x0000000000850000-0x00000000008B4000-memory.dmp

Filesize
400KB

Download
memory/4236-134-0x0000000001240000-0x000000000124F000-memory.dmp

Filesize
60KB

Download
memory/4236-140-0x0000000000850000-0x00000000008B4000-memory.dmp

Filesize
400KB

Download