General

  • Target

    5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca

  • Size

    382KB

  • Sample

    220801-wb2xksfec7

  • MD5

    8ede3ace8c115bd3a4fd26bd23c35422

  • SHA1

    a4662431d9c9df3df2eff18bdc5a447ece712e35

  • SHA256

    5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca

  • SHA512

    9b432eb1e20218ada551c20679acaa73547f28bd4f893f84229701b6e2a3fd381fdd9d52d410d392ab27a7a5710f649c56da0eca9120e653c8f90f9c70c00984

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1010

C2

sys.cozmoattire.com/bcms/assets/img

sys.nahualbrand.com/bcms/assets/img

sys.devaneyengineering.com/bcms/assets/img

sys.3earth.us/bcms/assets/img

sys.tartsandcraftsshop.com/bcms/assets/img

lansystemstat.com/bcms/assets/img

highnetwork.pw/bcms/assets/img

lostnetwork.in/bcms/assets/img

sysconnections.net/bcms/assets/img

lansupports.com/bcms/assets/img

Attributes
  • exe_type

    worker

  • server_id

    35

  • rsa_pubkey.plain

    (extracted key material, not reproduced on this page)

  • serpent.plain

    (extracted key material, not reproduced on this page)
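The C2 entries above are scheme-less host/path pairs, and every entry in this config shares the same path. The block below is an added example, not part of the sandbox report, that turns that list into a matcher over proxy log lines. The log format and the constructed log lines are assumptions for the demo, as is the decision to rate a bare match on the shared path (on a host not in the list) as a weaker hit worth reviewing because it would survive a rotation of C2 domains.

```python
# Added example: matching proxy log lines against the C2 list extracted above.
# Not part of the sandbox report; the log format and lines are constructed.
from urllib.parse import urlsplit

# The ten C2 entries exactly as extracted from the sample's config.
C2_LIST = [
    "sys.cozmoattire.com/bcms/assets/img",
    "sys.nahualbrand.com/bcms/assets/img",
    "sys.devaneyengineering.com/bcms/assets/img",
    "sys.3earth.us/bcms/assets/img",
    "sys.tartsandcraftsshop.com/bcms/assets/img",
    "lansystemstat.com/bcms/assets/img",
    "highnetwork.pw/bcms/assets/img",
    "lostnetwork.in/bcms/assets/img",
    "sysconnections.net/bcms/assets/img",
    "lansupports.com/bcms/assets/img",
]


def split_c2(entry):
    """Split a scheme-less 'host/path' config entry into (host, '/path')."""
    host, _, path = entry.partition("/")
    return host.lower(), "/" + path.strip("/")


C2_HOSTS = {split_c2(e)[0] for e in C2_LIST}
# Every entry in this config shares one path; a set is kept anyway so the
# matcher also works for configs whose entries use different paths.
C2_PATHS = {split_c2(e)[1] for e in C2_LIST}


def host_matches(host, c2_host):
    """True for an exact match or a subdomain of the C2 host (case-insensitive)."""
    host = host.lower().rstrip(".")
    return host == c2_host or host.endswith("." + c2_host)


def classify_url(url):
    """Return ("high" | "medium" | None, reason) for one requested URL.

    high:   host is (or is under) a listed C2 host and the path sits under a
            listed C2 path, i.e. the full beacon URL prefix from the config.
    medium: only the host matches, or only the path prefix matches on a host
            that is not in the list (assumption: the shared path alone is
            worth flagging because it survives a rotation of C2 domains).
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    host_hit = any(host_matches(host, c) for c in C2_HOSTS)
    path_hit = any(path == p or path.startswith(p + "/") for p in C2_PATHS)
    if host_hit and path_hit:
        return "high", f"C2 beacon prefix: {host}{path}"
    if host_hit:
        return "medium", f"C2 host without beacon path: {host}"
    if path_hit:
        return "medium", f"ISFB beacon path on unlisted host: {host}{path}"
    return None, ""


def scan_log(lines):
    """Parse constructed proxy lines 'ts client METHOD url status'; return hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of crashing on them
        ts, client, _method, url, _status = fields[:5]
        level, reason = classify_url(url)
        if level:
            hits.append((ts, client, level, reason))
    return hits


# Constructed sample log; none of these lines come from the sandbox run.
SAMPLE_LOG = """\
2022-08-01T10:12:03Z 10.0.0.5 GET http://sys.3earth.us/bcms/assets/img/dGVzdA==.gif 200
2022-08-01T10:12:09Z 10.0.0.5 GET http://cdn.example.com/assets/img/logo.png 200
2022-08-01T10:13:41Z 10.0.0.7 GET http://lansupports.com/ 200
2022-08-01T10:14:02Z 10.0.0.9 POST http://img.highnetwork.pw/bcms/assets/img/upload.php 200
2022-08-01T10:15:22Z 10.0.0.9 GET http://www.otherhost.example/bcms/assets/img/x.gif 404
garbage line
""".splitlines()

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

Subdomains of a listed host are matched because the config itself uses a `sys.` label in front of several registrable domains; exact-only matching would miss the next label the operators pick. The malformed-line check is deliberate: a detector that raises on one odd log line silently stops covering everything after it.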

Targets

    • Target

      5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca


    • Gozi, Gozi ISFB

      Gozi ISFB (also tracked as Ursnif) is a well-known and widely distributed banking trojan.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a thread's execution into injected code (for example in process hollowing), which is why its use is flagged here.
