gozi_ifsb | a63f4d6f5c791eb5980c96087d1902670c9cbea15f02306ad363ef187810c7b4 | Triage

Sharing

General

Target

a63f4d6f5c791eb5980c96087d1902670c9cbea15f02306ad363ef187810c7b4
Size

216KB
Sample

220724-vb4kqsbcf9
MD5

eab6d9826991ecc93f65c9eadeef444b
SHA1

2712e562b7412173d6aec45a0758721da65b8b2e
SHA256

a63f4d6f5c791eb5980c96087d1902670c9cbea15f02306ad363ef187810c7b4
SHA512

8a896987db031350403ebb74c169ef16a6a1663c095cff1e76b66b08b6951e34b31c810b1d2201447c449c8864bf1197be09b867a8e10120962409f2ec6e7b32

Score

10^/10

gozi_ifsb 2222 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2222

C2

http://securemrc.ru

http://securecc.ru

http://roiboypo.ru

Attributes

build
217111
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  a63f4d6f5c791eb5980c96087d1902670c9cbea15f02306ad363ef187810c7b4
- Size
  
  216KB
- MD5
  
  eab6d9826991ecc93f65c9eadeef444b
- SHA1
  
  2712e562b7412173d6aec45a0758721da65b8b2e
- SHA256
  
  a63f4d6f5c791eb5980c96087d1902670c9cbea15f02306ad363ef187810c7b4
- SHA512
  
  8a896987db031350403ebb74c169ef16a6a1663c095cff1e76b66b08b6951e34b31c810b1d2201447c449c8864bf1197be09b867a8e10120962409f2ec6e7b32
Score

10^/10

gozi_ifsb 2222 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb2222bankertrojan

behavioral2

gozi_ifsb2222bankertrojan