gozi_ifsb | 57c9c361e70e034e4a902cb81a042a2e1e75970d88429cd87042235e7b4f64d5 | Triage

Analysis

max time kernel
146s
max time network
46s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
24-07-2022 20:03

Sharing

Report Analysis Logs

General

Target

57c9c361e70e034e4a902cb81a042a2e1e75970d88429cd87042235e7b4f64d5.exe
Size

215KB
MD5

8c4226ad130129f72c94f4b34d4b0c8a
SHA1

6e6bbdf90f6501fee7ca2d1c2fbcffbdb643f831
SHA256

57c9c361e70e034e4a902cb81a042a2e1e75970d88429cd87042235e7b4f64d5
SHA512

b924862b86ad37c57f8048d86289b68d34045b84697cc00bf2bb6dda3a8946a379c257821686f4c004f4778b6553042a8d727b4c2e20f1b4db706fd6aca7f058

Score

10^/10

gozi_ifsb 3153 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
215165

Extracted

Family

gozi_ifsb

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\57c9c361e70e034e4a902cb81a042a2e1e75970d88429cd87042235e7b4f64d5.exe
"C:\Users\Admin\AppData\Local\Temp\57c9c361e70e034e4a902cb81a042a2e1e75970d88429cd87042235e7b4f64d5.exe"
1⤵
PID:1420

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1420-55-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1420-56-0x00000000002F0000-0x000000000030B000-memory.dmp

Filesize
108KB

Download