gozi_ifsb | 66c4fb72090d8f58cea15e6d8b599fec39c7916cc6ef03f925e796fa881116c4 | Triage

Sharing

General

Target

66c4fb72090d8f58cea15e6d8b599fec39c7916cc6ef03f925e796fa881116c4
Size

317KB
Sample

220701-hjaw6sgdfn
MD5

0030aea7ff8e0e007c16082c382d4c9a
SHA1

7f827101895e4b2bd1f173827277827d0162433b
SHA256

66c4fb72090d8f58cea15e6d8b599fec39c7916cc6ef03f925e796fa881116c4
SHA512

27200affc530722b1177a686f4a15f59e5e430f2563f27ded2a0ccb60fa1fd7c68c8c16ed49184a376fe6d55ebaff4dff6aa1b9fd720e873deae16e8232932d5

Score

10^/10

gozi_ifsb 1111 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
217107

Extracted

Family

gozi_ifsb

Botnet

1111

C2

http://securemrc.ru

http://securecc.ru

http://roiboypo.ru

Attributes

build
217107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  66c4fb72090d8f58cea15e6d8b599fec39c7916cc6ef03f925e796fa881116c4
- Size
  
  317KB
- MD5
  
  0030aea7ff8e0e007c16082c382d4c9a
- SHA1
  
  7f827101895e4b2bd1f173827277827d0162433b
- SHA256
  
  66c4fb72090d8f58cea15e6d8b599fec39c7916cc6ef03f925e796fa881116c4
- SHA512
  
  27200affc530722b1177a686f4a15f59e5e430f2563f27ded2a0ccb60fa1fd7c68c8c16ed49184a376fe6d55ebaff4dff6aa1b9fd720e873deae16e8232932d5
Score

10^/10

gozi_ifsb 1111 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb1111bankertrojan

behavioral2

gozi_ifsb1111bankertrojan