gozi_ifsb | 3f7a1443acef67582f280fd03ed799ae67241c3891cb5a1112b01001a1b0bd97 | Triage

Sharing

General

Target

3f7a1443acef67582f280fd03ed799ae67241c3891cb5a1112b01001a1b0bd97
Size

283KB
Sample

220701-bvzaksecgq
MD5

9b79029ec10e8a5320f5442aaf4de39c
SHA1

cdbf109abf03960d2820f1d99dbb734fee39c870
SHA256

3f7a1443acef67582f280fd03ed799ae67241c3891cb5a1112b01001a1b0bd97
SHA512

d0192cfb5d5f20c5d35b0796983c29ef795951ffcb2e314f7c6588ed368bc56cf810fdcb4679ae93d18aabc5cb24ffdbe4664a841fd685bf03e7bba757061444

Score

10^/10

gozi_ifsb 3545 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214107

Extracted

Family

gozi_ifsb

Botnet

3545

C2

settings-win.data.microsoft.com

bjanicki.com

h16uaramiro.com

z63gggermanaa.com

Attributes

build
214107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3f7a1443acef67582f280fd03ed799ae67241c3891cb5a1112b01001a1b0bd97
- Size
  
  283KB
- MD5
  
  9b79029ec10e8a5320f5442aaf4de39c
- SHA1
  
  cdbf109abf03960d2820f1d99dbb734fee39c870
- SHA256
  
  3f7a1443acef67582f280fd03ed799ae67241c3891cb5a1112b01001a1b0bd97
- SHA512
  
  d0192cfb5d5f20c5d35b0796983c29ef795951ffcb2e314f7c6588ed368bc56cf810fdcb4679ae93d18aabc5cb24ffdbe4664a841fd685bf03e7bba757061444
Score

10^/10

gozi_ifsb 3545 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb3545bankertrojan

behavioral2

gozi_ifsb3545bankertrojan