gozi_ifsb | 20351bf93e117a01a601e5fcd6b83250e42e001a81cc9bf660e3079516a30f08 | Triage

Sharing

General

Target

3a9ee4bc7f3ea02691545e64d9630d68
Size

432KB
Sample

220707-lfww1sbabm
MD5

3a9ee4bc7f3ea02691545e64d9630d68
SHA1

9596b9362933b763c935a37273927d8779293805
SHA256

20351bf93e117a01a601e5fcd6b83250e42e001a81cc9bf660e3079516a30f08
SHA512

d4643896737d3d5bd87b5a909d4a08cf5907badc9aa3fcdb77dd05f035a550ca169b92eac8f300a747f04339c4b0aebd3463da567f0348341f0cc27e949389a7

Score

10^/10

gozi_ifsb 3000 banker suricata trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

79.110.52.164

79.110.52.97

Attributes

base_path
/drew/
build
250239
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3a9ee4bc7f3ea02691545e64d9630d68
- Size
  
  432KB
- MD5
  
  3a9ee4bc7f3ea02691545e64d9630d68
- SHA1
  
  9596b9362933b763c935a37273927d8779293805
- SHA256
  
  20351bf93e117a01a601e5fcd6b83250e42e001a81cc9bf660e3079516a30f08
- SHA512
  
  d4643896737d3d5bd87b5a909d4a08cf5907badc9aa3fcdb77dd05f035a550ca169b92eac8f300a747f04339c4b0aebd3463da567f0348341f0cc27e949389a7
Score

10^/10

gozi_ifsb 3000 banker trojan suricata
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3000bankertrojan

behavioral2

gozi_ifsb3000bankersuricatatrojan