gozi_ifsb | d194209d81a15219703b4f3524270d0d0b88b5cac37e97327aae4334e3224eb9 | Triage

Sharing

General

Target

d194209d81a15219703b4f3524270d0d0b88b5cac37e97327aae4334e3224eb9
Size

1.8MB
Sample

220625-mdqsnaaed5
MD5

55edc8c4bbd1a2da3a2b1602b1ab0d33
SHA1

178a929947dc27faf9f734aaaf305b253ed77da7
SHA256

d194209d81a15219703b4f3524270d0d0b88b5cac37e97327aae4334e3224eb9
SHA512

c5955c2a7f24bf027a3d22b177f53036cae6d797af99db599c0daca58250e7b82c68adfc8418667c22a21a25518c311d7a31587ec25d3666db77550108355d85

Score

10^/10

gozi_ifsb 3493 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214098

Extracted

Family

gozi_ifsb

Botnet

3493

C2

google.com

gmail.com

lsammietf53.com

p28u70webster.com

ploi7260m71.com

Attributes

build
214098
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  d194209d81a15219703b4f3524270d0d0b88b5cac37e97327aae4334e3224eb9
- Size
  
  1.8MB
- MD5
  
  55edc8c4bbd1a2da3a2b1602b1ab0d33
- SHA1
  
  178a929947dc27faf9f734aaaf305b253ed77da7
- SHA256
  
  d194209d81a15219703b4f3524270d0d0b88b5cac37e97327aae4334e3224eb9
- SHA512
  
  c5955c2a7f24bf027a3d22b177f53036cae6d797af99db599c0daca58250e7b82c68adfc8418667c22a21a25518c311d7a31587ec25d3666db77550108355d85
Score

10^/10

gozi_ifsb 3493 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb3493bankertrojan

behavioral2

gozi_ifsb3493bankertrojan