gozi_ifsb | f65d89d469a51ea178d198fc3fd9123c63937daa6129d35f872769a85aa479e9 | Triage

Sharing

General

Target

7670346120.zip
Size

132KB
Sample

220629-ymrxvsecc3
MD5

e3e95f2558b7e156a39cc27984485ecc
SHA1

76c7c01b538e6c8fb8804d1fae1da7ee6d7172a4
SHA256

f65d89d469a51ea178d198fc3fd9123c63937daa6129d35f872769a85aa479e9
SHA512

2cdaba5e071c1ce6139f85472414802f765a5915737fe2f8454bb6d3f1762ecde783f2d3a018c33ee9f99a02afeda52910b9e7806d25a676cbfcc2fac3b4bad8

Score

10^/10

gozi_ifsb 3000 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

194.76.225.112

194.76.225.113

46.21.153.203

Attributes

base_path
/drew/
build
250239
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  64d2a023b1208a01375af17e3b02ff7eebae76d3a35ece915c52e5d7a021edc9
- Size
  
  226KB
- MD5
  
  e84631873c87ac0af8a0a0802afaafb3
- SHA1
  
  d6a37d21ea7bf956a086c03ccbeeb84ffeb758a3
- SHA256
  
  64d2a023b1208a01375af17e3b02ff7eebae76d3a35ece915c52e5d7a021edc9
- SHA512
  
  3a7da6eab40d580946d7eb01d1bab1920d5eb04044d52fb48300ea9dfd9e057c367f4605065841bdac82b288696a7142b66a6059281118f42a5244be14c94793
Score

10^/10

gozi_ifsb 3000 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3000bankertrojan

behavioral2

gozi_ifsb3000bankersuricatatrojan