gozi_ifsb | df43bfaca85e3eb665b072c2730dabf22394f5045dc248f6d9c2824ebbaf5362 | Triage

Analysis

max time kernel
137s
max time network
44s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
24-07-2022 15:11

Sharing

Report Analysis Logs

General

Target

df43bfaca85e3eb665b072c2730dabf22394f5045dc248f6d9c2824ebbaf5362.exe
Size

215KB
MD5

eed413516af27f597f80a1be1c8f61dd
SHA1

f77898e8399bfdfb8a931cf902944d03e6ffcf8a
SHA256

df43bfaca85e3eb665b072c2730dabf22394f5045dc248f6d9c2824ebbaf5362
SHA512

6f08f26a23771addd78639419734a56b860f7f1fa59a466c00628da1731ea4439078e6d1b67b2c1349af95ba171bc191366e54e5000ca41c52ac8544890df2d4

Score

10^/10

gozi_ifsb 3153 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
215165

Extracted

Family

gozi_ifsb

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\df43bfaca85e3eb665b072c2730dabf22394f5045dc248f6d9c2824ebbaf5362.exe
"C:\Users\Admin\AppData\Local\Temp\df43bfaca85e3eb665b072c2730dabf22394f5045dc248f6d9c2824ebbaf5362.exe"
1⤵
PID:1348

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1348-55-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1348-56-0x00000000003E0000-0x00000000003FB000-memory.dmp

Filesize
108KB

Download