gozi_ifsb | 4b751a70b19c22f52fd3daaa6195e317b6f1cfef59bcb60064ae2bf484996833 | Triage

Sharing

General

Target

4b751a70b19c22f52fd3daaa6195e317b6f1cfef59bcb60064ae2bf484996833
Size

459KB
Sample

220712-lwl2rafgb4
MD5

6884175bf08f230a33b417f19c4b0005
SHA1

7870e0bf34e527a14dac8e062a024d12c7b49980
SHA256

4b751a70b19c22f52fd3daaa6195e317b6f1cfef59bcb60064ae2bf484996833
SHA512

d098e75a81d8da0009711023926c58c139b8311d67eadaa0ce2d2ab56b9c4bea6cb1fa28c6a9d9dc0f72e0b7029cd14db25da8a5bf4d995d65b91fe6852ea9ba

Score

10^/10

gozi_ifsb 3428 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214085

Extracted

Family

gozi_ifsb

Botnet

3428

C2

google.com

gmail.com

ztoy.top

qmiller.club

vipresleynz.com

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4b751a70b19c22f52fd3daaa6195e317b6f1cfef59bcb60064ae2bf484996833
- Size
  
  459KB
- MD5
  
  6884175bf08f230a33b417f19c4b0005
- SHA1
  
  7870e0bf34e527a14dac8e062a024d12c7b49980
- SHA256
  
  4b751a70b19c22f52fd3daaa6195e317b6f1cfef59bcb60064ae2bf484996833
- SHA512
  
  d098e75a81d8da0009711023926c58c139b8311d67eadaa0ce2d2ab56b9c4bea6cb1fa28c6a9d9dc0f72e0b7029cd14db25da8a5bf4d995d65b91fe6852ea9ba
Score

10^/10

gozi_ifsb 3428 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3428bankertrojan

behavioral2

gozi_ifsb3428bankertrojan