gozi_ifsb | c251313754577b923948d506c0a0fbc59674232cebe1ef02fdca216944101293 | Triage

Sharing

General

Target

c251313754577b923948d506c0a0fbc59674232cebe1ef02fdca216944101293
Size

270KB
Sample

220724-vzexaacfan
MD5

eabfe0920bcf4cf7714f64334bd028c4
SHA1

54822f724347aecc5d9d681328a61b5ea4d4f197
SHA256

c251313754577b923948d506c0a0fbc59674232cebe1ef02fdca216944101293
SHA512

c13d94677d41601d4f085e30738b733355dd177ab30b11b48bfd20c34746940c33822e41a965a1313a03d457c58d722b9a9d853bf39f90afcbf1a51ce7c6c760

Score

10^/10

gozi_ifsb 2000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2000

C2

x1.narutik.at/webstore

cdn5.narutik.at/webstore

api.hartino.at/webstore

voip.hartino.at/webstore

Attributes

build
217072
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
172.104.136.243
8.8.8.8
176.126.70.119
51.15.98.97
193.183.98.66
exe_type
loader
server_id
550

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  c251313754577b923948d506c0a0fbc59674232cebe1ef02fdca216944101293
- Size
  
  270KB
- MD5
  
  eabfe0920bcf4cf7714f64334bd028c4
- SHA1
  
  54822f724347aecc5d9d681328a61b5ea4d4f197
- SHA256
  
  c251313754577b923948d506c0a0fbc59674232cebe1ef02fdca216944101293
- SHA512
  
  c13d94677d41601d4f085e30738b733355dd177ab30b11b48bfd20c34746940c33822e41a965a1313a03d457c58d722b9a9d853bf39f90afcbf1a51ce7c6c760
Score

10^/10

gozi_ifsb 2000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb2000bankertrojan

behavioral2

gozi_ifsb2000bankertrojan