gozi_ifsb | a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42 | Triage

Sharing

General

Target

a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42
Size

352KB
Sample

220701-g4e6ysffdp
MD5

5e58ce6ab4db0018af5d89544d5aafe1
SHA1

10db699993eb09799ff16304f6ad0229d1ecf2c8
SHA256

a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42
SHA512

8a9b19ac641498abf62864ce581436c4010a5156130a762cc8e96cbacac40016082bb26a03c9494d8b1f3b26817e96042f0c76903dff08891624ed3842e19c58

Score

10^/10

gozi_ifsb 3376 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214082

Extracted

Family

gozi_ifsb

Botnet

3376

C2

microsoft.com

update.microsoft.com

avast.com

nrosalynh.xyz

c85yeeamaya.info

haepjp.xyz

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42
- Size
  
  352KB
- MD5
  
  5e58ce6ab4db0018af5d89544d5aafe1
- SHA1
  
  10db699993eb09799ff16304f6ad0229d1ecf2c8
- SHA256
  
  a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42
- SHA512
  
  8a9b19ac641498abf62864ce581436c4010a5156130a762cc8e96cbacac40016082bb26a03c9494d8b1f3b26817e96042f0c76903dff08891624ed3842e19c58
Score

10^/10

gozi_ifsb banker trojan 3376
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsb3376bankertrojan