gozi_ifsb | 416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980 | Triage

Sharing

General

Target

416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980
Size

189KB
Sample

220708-ggy1jsbhdp
MD5

d47612c3c48cb18b7b2620c97a9593ea
SHA1

39a37e1ac3600be8b70bd43fa30b252978bf2e0d
SHA256

416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980
SHA512

7a6baaf4777aca9fb0e25e67a9f111ab04feb016fa69a556babb90c4cafb139f39ebd90b95a9adabc8a6a5d155daad7a950fb7a310f61a828b7b7b6fbeb7847e

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2000

C2

x1.narutik.at/webstore

cdn5.narutik.at/webstore

cd.pranahat.at/webstore

Attributes

build
217083
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
172.104.136.243
8.8.8.8
176.126.70.119
51.15.98.97
193.183.98.66
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980
- Size
  
  189KB
- MD5
  
  d47612c3c48cb18b7b2620c97a9593ea
- SHA1
  
  39a37e1ac3600be8b70bd43fa30b252978bf2e0d
- SHA256
  
  416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980
- SHA512
  
  7a6baaf4777aca9fb0e25e67a9f111ab04feb016fa69a556babb90c4cafb139f39ebd90b95a9adabc8a6a5d155daad7a950fb7a310f61a828b7b7b6fbeb7847e
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2

gozi_ifsb2000bankertrojan