gozi_ifsb | 4744c0c5e50bbfc857b68f89a2d2eb285682faa0502e601b334689f16baa2fcd | Triage

Sharing

General

Target

4744c0c5e50bbfc857b68f89a2d2eb285682faa0502e601b334689f16baa2fcd
Size

354KB
Sample

220701-erhefadcd7
MD5

b3834ffb460820f8f65a1f2683f14852
SHA1

82248896ce332fd2064c3fe80e05d8ba5c1db18c
SHA256

4744c0c5e50bbfc857b68f89a2d2eb285682faa0502e601b334689f16baa2fcd
SHA512

7006538e2dba30de595c9a22250532f179cdc6bbf9d5d40f44740699608bf5404787407379b5f38e162789b27cfca1dccd22dc4418ea25e849ec22f0241c5903

Score

10^/10

gozi_ifsb 3177 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214062

Extracted

Family

gozi_ifsb

Botnet

3177

C2

wgcjeremy11.band

skelsigabriella.fun

xelectauishanie.email

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4744c0c5e50bbfc857b68f89a2d2eb285682faa0502e601b334689f16baa2fcd
- Size
  
  354KB
- MD5
  
  b3834ffb460820f8f65a1f2683f14852
- SHA1
  
  82248896ce332fd2064c3fe80e05d8ba5c1db18c
- SHA256
  
  4744c0c5e50bbfc857b68f89a2d2eb285682faa0502e601b334689f16baa2fcd
- SHA512
  
  7006538e2dba30de595c9a22250532f179cdc6bbf9d5d40f44740699608bf5404787407379b5f38e162789b27cfca1dccd22dc4418ea25e849ec22f0241c5903
Score

10^/10

gozi_ifsb 3177 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3177bankertrojan

behavioral2

gozi_ifsb3177bankertrojan