gozi_ifsb | bf704efc05e262948c6426129f4791cb9279e6b930e152fb0c5005cca81f1d5e | Triage

Sharing

General

Target

bf704efc05e262948c6426129f4791cb9279e6b930e152fb0c5005cca81f1d5e
Size

324KB
Sample

220731-g7edtsdeej
MD5

0f070b6f03e0a0ca7c582c50e5cc3036
SHA1

1d28f378ffcb9b016b8e2d18de5ba3dbe8d6dd9b
SHA256

bf704efc05e262948c6426129f4791cb9279e6b930e152fb0c5005cca81f1d5e
SHA512

46f334d398c095aa787b78d0e352edff99a0b51e4614505815d533591332aebfc2c93722d88efb262524de7b8a8fbb5ade3953b904e83f4765acd9384d99bb34

Score

10^/10

gozi_ifsb 3423 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214085

Extracted

Family

gozi_ifsb

Botnet

3423

C2

google.com

gmail.com

sizfjalenk51.com

v25brigittet.com

k23ueugeniay.com

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  bf704efc05e262948c6426129f4791cb9279e6b930e152fb0c5005cca81f1d5e
- Size
  
  324KB
- MD5
  
  0f070b6f03e0a0ca7c582c50e5cc3036
- SHA1
  
  1d28f378ffcb9b016b8e2d18de5ba3dbe8d6dd9b
- SHA256
  
  bf704efc05e262948c6426129f4791cb9279e6b930e152fb0c5005cca81f1d5e
- SHA512
  
  46f334d398c095aa787b78d0e352edff99a0b51e4614505815d533591332aebfc2c93722d88efb262524de7b8a8fbb5ade3953b904e83f4765acd9384d99bb34
Score

10^/10

gozi_ifsb 3423 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3423bankertrojan

behavioral2

gozi_ifsb3423bankertrojan