gozi_ifsb | 3d2dc979c48c7d4e31f121d7ad4ade654a6a7548cdc8fe3ce8ccd14aa144e968 | Triage

Sharing

General

Target

3d2dc979c48c7d4e31f121d7ad4ade654a6a7548cdc8fe3ce8ccd14aa144e968
Size

269KB
Sample

220703-ejxt6agcd4
MD5

d10056f4e546eec4225fce9e5982cce1
SHA1

a7005756691aa3fa41bce3b70a944d69da0d36b3
SHA256

3d2dc979c48c7d4e31f121d7ad4ade654a6a7548cdc8fe3ce8ccd14aa144e968
SHA512

bd1d943e1c98ef03853b4626c6639e8a9b02abfd187af60b3c179185a25ae0ab84153af0e8c7a658f0218145a596619a0263a6ad641b62f7e8e27a5edadbb37a

Score

10^/10

gozi_ifsb 3151 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
215165

Extracted

Family

gozi_ifsb

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3d2dc979c48c7d4e31f121d7ad4ade654a6a7548cdc8fe3ce8ccd14aa144e968
- Size
  
  269KB
- MD5
  
  d10056f4e546eec4225fce9e5982cce1
- SHA1
  
  a7005756691aa3fa41bce3b70a944d69da0d36b3
- SHA256
  
  3d2dc979c48c7d4e31f121d7ad4ade654a6a7548cdc8fe3ce8ccd14aa144e968
- SHA512
  
  bd1d943e1c98ef03853b4626c6639e8a9b02abfd187af60b3c179185a25ae0ab84153af0e8c7a658f0218145a596619a0263a6ad641b62f7e8e27a5edadbb37a
Score

10^/10

gozi_ifsb 3151 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3151bankertrojan

behavioral2

gozi_ifsb3151bankertrojan