gozi_ifsb | 463ca9fcfce233510175704d6eabc217ed3775862e2cf7e8b8960257ec968bc5 | Triage

Sharing

General

Target

463ca9fcfce233510175704d6eabc217ed3775862e2cf7e8b8960257ec968bc5
Size

1.6MB
Sample

220707-lc6l2sagfn
MD5

28faaf4bfb08b1a54598062cccbeba1b
SHA1

72c7480164d9d9a9138a51639ce005b0f4029bc4
SHA256

463ca9fcfce233510175704d6eabc217ed3775862e2cf7e8b8960257ec968bc5
SHA512

e6e07da7c827d680aa7824f9b7e60e40cbdb87af3a81d3a2b202f84a66be506022cbc98339222896b9989e8bd2c23dd90429f3dad11047c1b55565b84373074b

Score

10^/10

gozi_ifsb 3531 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214107

Extracted

Family

gozi_ifsb

Botnet

3531

C2

gmail.com

google.com

k55gaisi.com

leinwqoa.com

bon11ljgarry.com

Attributes

build
214107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  463ca9fcfce233510175704d6eabc217ed3775862e2cf7e8b8960257ec968bc5
- Size
  
  1.6MB
- MD5
  
  28faaf4bfb08b1a54598062cccbeba1b
- SHA1
  
  72c7480164d9d9a9138a51639ce005b0f4029bc4
- SHA256
  
  463ca9fcfce233510175704d6eabc217ed3775862e2cf7e8b8960257ec968bc5
- SHA512
  
  e6e07da7c827d680aa7824f9b7e60e40cbdb87af3a81d3a2b202f84a66be506022cbc98339222896b9989e8bd2c23dd90429f3dad11047c1b55565b84373074b
Score

10^/10

gozi_ifsb 3531 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb3531bankertrojan

behavioral2

gozi_ifsb3531bankertrojan