gozi_ifsb | 3c62e5428a634dc7de469cd885e3973afaa42ebb5f4895c198d23e882bcbc50c | Triage

Sharing

General

Target

3c62e5428a634dc7de469cd885e3973afaa42ebb5f4895c198d23e882bcbc50c
Size

350KB
Sample

220703-jgy2nacgd7
MD5

ec56d7a6a09afac0db9bf76130a030df
SHA1

2b4d30b55c288671d7ab411f839a6b0f389be257
SHA256

3c62e5428a634dc7de469cd885e3973afaa42ebb5f4895c198d23e882bcbc50c
SHA512

15bb1c3079288cb5bcc7c44292f091500567e77213ce8ba7209c8c77e72742c1685e859e2a0a49187ff107897a523a5e1588078598b2c989f3c5e7d7857a2e91

Score

10^/10

gozi_ifsb banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
217039

Targets

- Target
  
  3c62e5428a634dc7de469cd885e3973afaa42ebb5f4895c198d23e882bcbc50c
- Size
  
  350KB
- MD5
  
  ec56d7a6a09afac0db9bf76130a030df
- SHA1
  
  2b4d30b55c288671d7ab411f839a6b0f389be257
- SHA256
  
  3c62e5428a634dc7de469cd885e3973afaa42ebb5f4895c198d23e882bcbc50c
- SHA512
  
  15bb1c3079288cb5bcc7c44292f091500567e77213ce8ba7209c8c77e72742c1685e859e2a0a49187ff107897a523a5e1588078598b2c989f3c5e7d7857a2e91
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan