gozi_ifsb | 463dfc54adbda21dc6f39f61cf2233e08932a129655a5a4c967a0508738b61f3 | Triage

Sharing

General

Target

463dfc54adbda21dc6f39f61cf2233e08932a129655a5a4c967a0508738b61f3
Size

269KB
Sample

220707-lcfevschb3
MD5

d1f5af5efa217327fe48eb9916f39e60
SHA1

32cb3e99ef4a9ced571989b9acf40a8cfff30a10
SHA256

463dfc54adbda21dc6f39f61cf2233e08932a129655a5a4c967a0508738b61f3
SHA512

7f2d83b52e9194b610e3601341cd5f364603c74a72f20fb7dba8d875246601fa8fd091d950a91638c427717cb10c3f7b4ea0b53b8610d58f2e9e49d26b9d60d8

Score

10^/10

gozi_ifsb 3151 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
215165

Extracted

Family

gozi_ifsb

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  463dfc54adbda21dc6f39f61cf2233e08932a129655a5a4c967a0508738b61f3
- Size
  
  269KB
- MD5
  
  d1f5af5efa217327fe48eb9916f39e60
- SHA1
  
  32cb3e99ef4a9ced571989b9acf40a8cfff30a10
- SHA256
  
  463dfc54adbda21dc6f39f61cf2233e08932a129655a5a4c967a0508738b61f3
- SHA512
  
  7f2d83b52e9194b610e3601341cd5f364603c74a72f20fb7dba8d875246601fa8fd091d950a91638c427717cb10c3f7b4ea0b53b8610d58f2e9e49d26b9d60d8
Score

10^/10

gozi_ifsb 3151 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3151bankertrojan

behavioral2

gozi_ifsb3151bankertrojan