gozi_ifsb | 5ec39afa7eba18967347b3850934a768a2832f7333d80ba93952b77e0ce0f8f5 | Triage

Sharing

General

Target

5ec39afa7eba18967347b3850934a768a2832f7333d80ba93952b77e0ce0f8f5
Size

203KB
Sample

220731-xz9srsdhgq
MD5

4a270cd8b4b0d31722a11a34a4848450
SHA1

eceac6d2bdfb2f52cc751a9ad00d42d9da57136d
SHA256

5ec39afa7eba18967347b3850934a768a2832f7333d80ba93952b77e0ce0f8f5
SHA512

3af8f6bf5eec5774ebb45258ce28aa86cf920c4d84829c6a23dcd9cccd6593fb38b7d79ad84d6213002b4f6f01f0e234060d9d55e4e06c726fab98ece4922f6b

Score

10^/10

gozi_ifsb 3162 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
215165

Extracted

Family

gozi_ifsb

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  5ec39afa7eba18967347b3850934a768a2832f7333d80ba93952b77e0ce0f8f5
- Size
  
  203KB
- MD5
  
  4a270cd8b4b0d31722a11a34a4848450
- SHA1
  
  eceac6d2bdfb2f52cc751a9ad00d42d9da57136d
- SHA256
  
  5ec39afa7eba18967347b3850934a768a2832f7333d80ba93952b77e0ce0f8f5
- SHA512
  
  3af8f6bf5eec5774ebb45258ce28aa86cf920c4d84829c6a23dcd9cccd6593fb38b7d79ad84d6213002b4f6f01f0e234060d9d55e4e06c726fab98ece4922f6b
Score

10^/10

gozi_ifsb 3162 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3162bankertrojan

behavioral2

gozi_ifsb3162bankertrojan