gozi_ifsb | 456716e798a3906a32c0be636917123df6ef3a52b9d8a5d26b65a7e37a16f2a8 | Triage

Sharing

General

Target

456716e798a3906a32c0be636917123df6ef3a52b9d8a5d26b65a7e37a16f2a8
Size

363KB
Sample

220707-tfeazaaagn
MD5

c1e188ef04accd001d69ece3718cbeb6
SHA1

83a5191783946eaee4b8a06237d4874d0dfe3be6
SHA256

456716e798a3906a32c0be636917123df6ef3a52b9d8a5d26b65a7e37a16f2a8
SHA512

85d2f35f30a85317e0e6e9496add71235fe91aa49a75ea128f576738fead91454831a838d2788fd94fec02cad31c1539f60f5695f30837f545aeb1242de0ab48

Score

10^/10

gozi_ifsb 3485 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214085

Extracted

Family

gozi_ifsb

Botnet

3485

C2

google.com

gmail.com

s39aihzlia.com

hqrya64peyton.com

l58er.com

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  456716e798a3906a32c0be636917123df6ef3a52b9d8a5d26b65a7e37a16f2a8
- Size
  
  363KB
- MD5
  
  c1e188ef04accd001d69ece3718cbeb6
- SHA1
  
  83a5191783946eaee4b8a06237d4874d0dfe3be6
- SHA256
  
  456716e798a3906a32c0be636917123df6ef3a52b9d8a5d26b65a7e37a16f2a8
- SHA512
  
  85d2f35f30a85317e0e6e9496add71235fe91aa49a75ea128f576738fead91454831a838d2788fd94fec02cad31c1539f60f5695f30837f545aeb1242de0ab48
Score

10^/10

gozi_ifsb 3485 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3485bankertrojan

behavioral2

gozi_ifsb3485bankertrojan