gozi_ifsb | 900049f66005fc9ce32c4a8f6cba6a2044e4c2866ae4ea8f15b571751fa9c8b3 | Triage

Sharing

General

Target

900049f66005fc9ce32c4a8f6cba6a2044e4c2866ae4ea8f15b571751fa9c8b3
Size

282KB
Sample

220724-v9m1msdbbq
MD5

ddd42fe8cea5b9560fe9c2f0376d0f7f
SHA1

86e49dfee5ef30f789a2a20ac048beee6709d1d0
SHA256

900049f66005fc9ce32c4a8f6cba6a2044e4c2866ae4ea8f15b571751fa9c8b3
SHA512

26aa16d6f33aeee271a5b210df9a743ddbd4e0fb35deb6fbe6f32a686a898416823fa8a5767ffdbac1cc85baae5f0eb9b548d8d21ad1d2f18da721d3c9662e23

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2000

C2

beetfeetlife.bit/webstore

api.sorna.at/webstore

supp.rivier.at/webstore

Attributes

build
217072
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
193.183.98.66
91.217.137.37
192.71.245.208
8.8.8.8
178.17.170.179
82.196.9.45
151.80.222.79
68.183.70.217
217.144.135.7
158.69.160.164
207.148.83.241
5.189.170.196
217.144.132.148
94.247.43.254
188.165.200.156
159.89.249.249
150.249.149.222
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  900049f66005fc9ce32c4a8f6cba6a2044e4c2866ae4ea8f15b571751fa9c8b3
- Size
  
  282KB
- MD5
  
  ddd42fe8cea5b9560fe9c2f0376d0f7f
- SHA1
  
  86e49dfee5ef30f789a2a20ac048beee6709d1d0
- SHA256
  
  900049f66005fc9ce32c4a8f6cba6a2044e4c2866ae4ea8f15b571751fa9c8b3
- SHA512
  
  26aa16d6f33aeee271a5b210df9a743ddbd4e0fb35deb6fbe6f32a686a898416823fa8a5767ffdbac1cc85baae5f0eb9b548d8d21ad1d2f18da721d3c9662e23
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2

gozi_ifsb2000bankertrojan