gozi_ifsb | f57396265405b96ab6e5c9a8913b8e349be767772761b5759b1dd25e808140fd | Triage

Sharing

General

Target

f57396265405b96ab6e5c9a8913b8e349be767772761b5759b1dd25e808140fd
Size

326KB
Sample

220724-vdm1rsbfcq
MD5

d68c8325eaa6b9b38ec541756dd508a1
SHA1

42a4c0f59fbfff5ae9ed86682df679c860f0f2c9
SHA256

f57396265405b96ab6e5c9a8913b8e349be767772761b5759b1dd25e808140fd
SHA512

dc7d52a5db89bb3c3c5cbed6163e84d21825d54b19453fb52821da4414d383d95afada1d1a12c8122c8940c78457cf0831e3a730e3fd18ead9c84c127d926d49

Score

10^/10

gozi_ifsb 1111 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
217107

Extracted

Family

gozi_ifsb

Botnet

1111

C2

http://securemrc.ru

http://securecc.ru

http://roiboypo.ru

Attributes

build
217107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  f57396265405b96ab6e5c9a8913b8e349be767772761b5759b1dd25e808140fd
- Size
  
  326KB
- MD5
  
  d68c8325eaa6b9b38ec541756dd508a1
- SHA1
  
  42a4c0f59fbfff5ae9ed86682df679c860f0f2c9
- SHA256
  
  f57396265405b96ab6e5c9a8913b8e349be767772761b5759b1dd25e808140fd
- SHA512
  
  dc7d52a5db89bb3c3c5cbed6163e84d21825d54b19453fb52821da4414d383d95afada1d1a12c8122c8940c78457cf0831e3a730e3fd18ead9c84c127d926d49
Score

10^/10

gozi_ifsb 1111 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_ifsb1111bankertrojan

behavioral2

gozi_ifsb1111bankertrojan