gozi_ifsb | 4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce | Triage

Sharing

General

Target

93114ecf1b2c711ec10e1fafdc834393efc11a97
Size

445KB
Sample

220712-af2aysggg2
MD5

f3be390b01c85970deeae124ca36ce2d
SHA1

93114ecf1b2c711ec10e1fafdc834393efc11a97
SHA256

4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce
SHA512

463829e0a07a2983d967483d49dd478243658c0be583bcddb801cd45beb869eee8cda812ea3a74e5cf5d70be07b5a59677317dbadcefdb8a21de3ddcbe7fa3a6

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  93114ecf1b2c711ec10e1fafdc834393efc11a97
- Size
  
  445KB
- MD5
  
  f3be390b01c85970deeae124ca36ce2d
- SHA1
  
  93114ecf1b2c711ec10e1fafdc834393efc11a97
- SHA256
  
  4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce
- SHA512
  
  463829e0a07a2983d967483d49dd478243658c0be583bcddb801cd45beb869eee8cda812ea3a74e5cf5d70be07b5a59677317dbadcefdb8a21de3ddcbe7fa3a6
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan