gozi_ifsb | 0989361dd7c8739827009be27579080b37430dbbb35ac9673b5e33f61505fdff | Triage

Sharing

General

Target

0989361dd7c8739827009be27579080b37430dbbb35ac9673b5e33f61505fdff
Size

73KB
Sample

220802-ywph4aafc2
MD5

ffe4d5c72795afbc92c141cbb716eb64
SHA1

595261c32e5867f0c0589ef2df60639ad9fd6dd5
SHA256

0989361dd7c8739827009be27579080b37430dbbb35ac9673b5e33f61505fdff
SHA512

0f753566201f6b8e24bfa3e4dd5aa8bbdaa71fdd5c0ce645e61071601f5e01376b2890323e69dc09d79b4600d7f70bf2b04432a135b4f41d98dea35391e9e27e

Score

10^/10

gozi_ifsb 11111 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

11111

C2

trackingg-protectioon.cdn1.mozilla.net

194.76.225.168

194.76.224.242

Attributes

base_path
/fonts/
build
250240
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0989361dd7c8739827009be27579080b37430dbbb35ac9673b5e33f61505fdff
- Size
  
  73KB
- MD5
  
  ffe4d5c72795afbc92c141cbb716eb64
- SHA1
  
  595261c32e5867f0c0589ef2df60639ad9fd6dd5
- SHA256
  
  0989361dd7c8739827009be27579080b37430dbbb35ac9673b5e33f61505fdff
- SHA512
  
  0f753566201f6b8e24bfa3e4dd5aa8bbdaa71fdd5c0ce645e61071601f5e01376b2890323e69dc09d79b4600d7f70bf2b04432a135b4f41d98dea35391e9e27e
Score

10^/10

gozi_ifsb 11111 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb11111bankertrojan