gozi_ifsb | 4a966a3c7dbace04643319af41f855d2bc888a986061537a6dce97089bd2322c | Triage

Sharing

General

Target

4a966a3c7dbace04643319af41f855d2bc888a986061537a6dce97089bd2322c
Size

285KB
Sample

220712-pz1wvsagcn
MD5

a442cc5b0f5f2f3f906c52887c6fd58d
SHA1

d06f0f153750437d0bedc1bbf6c8783461d048d3
SHA256

4a966a3c7dbace04643319af41f855d2bc888a986061537a6dce97089bd2322c
SHA512

0e539e83a2516bb93993ab3dec49a28efeb6fd59f5f0eab657a3581beb14bfe46ba2f4a4e8db2c46f3db7e4c797362c21fd665695bbfdbea9ca7e912b3673956

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
217061

Extracted

Family

gozi_ifsb

Botnet

2000

C2

ax.ikobut.at/webstore

beetfeetlife.bit/webstore

foo.avaregio.at/webstore

api.hamanana.at/webstore

api.ikobut.at/webstore

supp.zapkopw.at/webstore

cdn.avaregio.at/webstore

Attributes

build
217061
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
193.183.98.66
91.217.137.37
192.71.245.208
8.8.8.8
178.17.170.179
82.196.9.45
151.80.222.79
68.183.70.217
217.144.135.7
158.69.160.164
207.148.83.241
5.189.170.196
217.144.132.148
94.247.43.254
188.165.200.156
159.89.249.249
150.249.149.222
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4a966a3c7dbace04643319af41f855d2bc888a986061537a6dce97089bd2322c
- Size
  
  285KB
- MD5
  
  a442cc5b0f5f2f3f906c52887c6fd58d
- SHA1
  
  d06f0f153750437d0bedc1bbf6c8783461d048d3
- SHA256
  
  4a966a3c7dbace04643319af41f855d2bc888a986061537a6dce97089bd2322c
- SHA512
  
  0e539e83a2516bb93993ab3dec49a28efeb6fd59f5f0eab657a3581beb14bfe46ba2f4a4e8db2c46f3db7e4c797362c21fd665695bbfdbea9ca7e912b3673956
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2

gozi_ifsb2000bankertrojan