gozi_ifsb | 6c4872e523f3934d8b86708165229bd6cd370cb1ce23c11456994a4f8b7a5ec3 | Triage

Sharing

General

Target

6c4872e523f3934d8b86708165229bd6cd370cb1ce23c11456994a4f8b7a5ec3
Size

121KB
Sample

220625-lsxdbahee4
MD5

826e2200e3b2cdfd7832afdcefd402e9
SHA1

072fb66f213df5a8ef798021268a98b29b5718d7
SHA256

6c4872e523f3934d8b86708165229bd6cd370cb1ce23c11456994a4f8b7a5ec3
SHA512

a95a422515c151681181968778d0f584926d55f3ecdef9b36226327ed1d3b8bc73a97ec3e9ee1abf1ebdd2e7a55db70ed85a7a84499d19b3a7b273e3a14b35d5

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2000

C2

api1.jbgool.at/webstore

api2.jbgool.at/webstore

Attributes

build
217119
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
107.174.86.134
107.175.127.22
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6c4872e523f3934d8b86708165229bd6cd370cb1ce23c11456994a4f8b7a5ec3
- Size
  
  121KB
- MD5
  
  826e2200e3b2cdfd7832afdcefd402e9
- SHA1
  
  072fb66f213df5a8ef798021268a98b29b5718d7
- SHA256
  
  6c4872e523f3934d8b86708165229bd6cd370cb1ce23c11456994a4f8b7a5ec3
- SHA512
  
  a95a422515c151681181968778d0f584926d55f3ecdef9b36226327ed1d3b8bc73a97ec3e9ee1abf1ebdd2e7a55db70ed85a7a84499d19b3a7b273e3a14b35d5
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2

gozi_ifsb2000bankertrojan