gozi_ifsb | c8a4eadbcf597b8ae08ae4392de7a856570e413a25439319788e055c0b48e4e4 | Triage

Sharing

General

Target

c8a4eadbcf597b8ae08ae4392de7a856570e413a25439319788e055c0b48e4e4
Size

435KB
Sample

220701-drczaahfhp
MD5

e5c46d8c6650ce39af50d21ad4414d32
SHA1

5642feda008df4c4fe113e0a0c7a741173a6a3d5
SHA256

c8a4eadbcf597b8ae08ae4392de7a856570e413a25439319788e055c0b48e4e4
SHA512

e4c9160001eaa516abb724050defab5dca03f5959acb30d97d076a6690d689eb9a9206ce14957da693e844d4e9c73666974c45e6bf992a18ef855e9c28730acd

Score

10^/10

gozi_ifsb 3533 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214107

Extracted

Family

gozi_ifsb

Botnet

3533

C2

gmail.com

google.com

s82dortha27r.top

qcnick5990.top

sd6eb.com

Attributes

build
214107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  c8a4eadbcf597b8ae08ae4392de7a856570e413a25439319788e055c0b48e4e4
- Size
  
  435KB
- MD5
  
  e5c46d8c6650ce39af50d21ad4414d32
- SHA1
  
  5642feda008df4c4fe113e0a0c7a741173a6a3d5
- SHA256
  
  c8a4eadbcf597b8ae08ae4392de7a856570e413a25439319788e055c0b48e4e4
- SHA512
  
  e4c9160001eaa516abb724050defab5dca03f5959acb30d97d076a6690d689eb9a9206ce14957da693e844d4e9c73666974c45e6bf992a18ef855e9c28730acd
Score

10^/10

gozi_ifsb banker trojan 3533
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsb3533bankertrojan