gozi_ifsb | 3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e | Triage

Analysis

max time kernel
26s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 07:32

Sharing

Report Analysis Logs

General

Target

3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e.exe
Size

648KB
MD5

d4ff31bf5ff54b749364830de5a2cff6
SHA1

84e9df89c44650698a0146e3cd0baf9d155e81ee
SHA256

3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e
SHA512

bc3348a9883af76417058cb9b2b4cad533e9640666011a0cb426f9cf47b965a7f02a7d692ad1fec884f525517c9a66b765d7962d20ca04b067269714cb5af592

Score

10^/10

gozi_ifsb 3189 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214062

Extracted

Family

gozi_ifsb

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e.exe
"C:\Users\Admin\AppData\Local\Temp\3e684272178a05d22d691a41a3be25900d98194ac53638febb3e5d2b3b7c0a7e.exe"
1⤵
PID:560

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/560-54-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download
memory/560-55-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/560-56-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/560-57-0x0000000000340000-0x000000000035B000-memory.dmp

Filesize
108KB

Download