gozi_ifsb | 3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e | Triage

Sharing

General

Target

3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e
Size

648KB
Sample

220701-jcxm2abef7
MD5

d4ff31bf5ff54b749364830de5a2cff6
SHA1

84e9df89c44650698a0146e3cd0baf9d155e81ee
SHA256

3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e
SHA512

bc3348a9883af76417058cb9b2b4cad533e9640666011a0cb426f9cf47b965a7f02a7d692ad1fec884f525517c9a66b765d7962d20ca04b067269714cb5af592

Score

10^/10

gozi_ifsb 3189 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214062

Extracted

Family

gozi_ifsb

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e
- Size
  
  648KB
- MD5
  
  d4ff31bf5ff54b749364830de5a2cff6
- SHA1
  
  84e9df89c44650698a0146e3cd0baf9d155e81ee
- SHA256
  
  3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e
- SHA512
  
  bc3348a9883af76417058cb9b2b4cad533e9640666011a0cb426f9cf47b965a7f02a7d692ad1fec884f525517c9a66b765d7962d20ca04b067269714cb5af592
Score

10^/10

gozi_ifsb 3189 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3189bankertrojan

behavioral2

gozi_ifsb3189bankertrojan