gozi_ifsb | 3c3a4a21f7816166c2339c6587c9f1690ee19419394a9fb33a6007daae83289c | Triage

Analysis

max time kernel
50s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 08:11

Sharing

Report Analysis Logs

General

Target

3c3a4a21f7816166c2339c6587c9f1690ee19419394a9fb33a6007daae83289c.exe
Size

155KB
MD5

3d6aa7cadb4c947f8129797ce964ae30
SHA1

7e4860b0e302938b970688c2ec3fef6cbcbb3abe
SHA256

3c3a4a21f7816166c2339c6587c9f1690ee19419394a9fb33a6007daae83289c
SHA512

26b6ec448d387983a98efe8419607c24659d3f35e709682f234609a00ad05a19eb21436d582e7964227964f765388f08f53825c75b30404871c397e7c6fd2394

Score

10^/10

gozi_ifsb 3492 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214098

Extracted

Family

gozi_ifsb

Botnet

3492

C2

google.com

gmail.com

lsammietf53.com

p28u70webster.com

ploi7260m71.com

Attributes

build
214098
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\3c3a4a21f7816166c2339c6587c9f1690ee19419394a9fb33a6007daae83289c.exe
"C:\Users\Admin\AppData\Local\Temp\3c3a4a21f7816166c2339c6587c9f1690ee19419394a9fb33a6007daae83289c.exe"
1⤵
PID:1172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-56-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/1172-55-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1172-54-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/1172-57-0x0000000000240000-0x000000000024F000-memory.dmp

Filesize
60KB

Download