gozi_ifsb | b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86 | Triage

Sharing

General

Target

468042278a3e4841d3e33ccca10d99ca
Size

338KB
Sample

220803-rt5nzacag9
MD5

468042278a3e4841d3e33ccca10d99ca
SHA1

22532f37096a200d448420359c01bbebaaf6b820
SHA256

b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86
SHA512

4c85e54b26ee0540fa9350f92a85f7e254f3c11481f3a3099c96ce47b83963ed4661216b2c4109e76e94ee3821310e3a35b2e37fc076a13f9f663dc6bc992ebf

Score

10^/10

gozi_ifsb 11111 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

11111

C2

trackingg-protectioon.cdn1.mozilla.net

194.76.225.168

194.76.224.242

Attributes

base_path
/fonts/
build
250240
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  468042278a3e4841d3e33ccca10d99ca
- Size
  
  338KB
- MD5
  
  468042278a3e4841d3e33ccca10d99ca
- SHA1
  
  22532f37096a200d448420359c01bbebaaf6b820
- SHA256
  
  b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86
- SHA512
  
  4c85e54b26ee0540fa9350f92a85f7e254f3c11481f3a3099c96ce47b83963ed4661216b2c4109e76e94ee3821310e3a35b2e37fc076a13f9f663dc6bc992ebf
Score

10^/10

gozi_ifsb 11111 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb11111bankertrojan

behavioral2

gozi_ifsb11111bankertrojan