gozi_ifsb | 0bd3e6ebfe1c54467789ec4d574d994e8b5bd54b4bcfa5531a9bd1072b7824a9 | Triage

Sharing

General

Target

0bd3e6ebfe1c54467789ec4d574d994e8b5bd54b4bcfa5531a9bd1072b7824a9
Size

339KB
Sample

220802-y3dp6safg5
MD5

4ee88393891abb32b1b56b5bc890d234
SHA1

20f1a0cbbb74fe3e9b3161e7a006528ecef9b6f5
SHA256

0bd3e6ebfe1c54467789ec4d574d994e8b5bd54b4bcfa5531a9bd1072b7824a9
SHA512

1c63299f1f89c529cca86070a0dd36b8a4b2ee3697bfb338758f8e61051ede0e4f993f6008a4a4c97278087992f78d4ec3aeca914a193932031e238750c622e9

Score

10^/10

gozi_ifsb 11111 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

11111

C2

trackingg-protectioon.cdn1.mozilla.net

194.76.225.168

194.76.224.242

Attributes

base_path
/fonts/
build
250240
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0bd3e6ebfe1c54467789ec4d574d994e8b5bd54b4bcfa5531a9bd1072b7824a9
- Size
  
  339KB
- MD5
  
  4ee88393891abb32b1b56b5bc890d234
- SHA1
  
  20f1a0cbbb74fe3e9b3161e7a006528ecef9b6f5
- SHA256
  
  0bd3e6ebfe1c54467789ec4d574d994e8b5bd54b4bcfa5531a9bd1072b7824a9
- SHA512
  
  1c63299f1f89c529cca86070a0dd36b8a4b2ee3697bfb338758f8e61051ede0e4f993f6008a4a4c97278087992f78d4ec3aeca914a193932031e238750c622e9
Score

10^/10

gozi_ifsb 11111 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb11111bankertrojan