General

  • Target: youWhen.db.zip
  • Size: 322KB
  • Sample: 220909-vty3zacebm
  • MD5: 164f69fb7e43cab770b36864a818d180
  • SHA1: 2ea800dca49970da661bda9e1d8d63c93a00b3d8
  • SHA256: d413a1433725e6ef4572bf2bc66ff86472f7f8cd47e91cf69f65962737f50529
  • SHA512: e220992ee29c3ce85c1288e81d9a3587d5432a93ac2de652af5fe8c92e046472ed19ba9a92b4c3c8f88fe8c37aa1e51ef9324692f26ddc15a29ab1108062368b
  • SSDEEP: 6144:91JA49T1rqUMICneR8qg/Uu9T2U1TCK1cbYheZSwhgGln35ZKGyyQNIx864i:91J5T1rqUyTDvR9cbYuhjl3LVyLN086/

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 47470
  • C2:
      asiorpatms.com
      unpeoritas.art
  • Attributes:
      build: 250234
      exe_type: loader
      server_id: 580
      rsa_pubkey.plain
      aes.plain

Targets

    • Target: youWhen.db
    • Size: 608KB
    • MD5: d958d62d1704552c7cb44139d4a77076
    • SHA1: 55e288f20be7fd16ce5b47d65d35a7678fb650a7
    • SHA256: 8ff05c030b20e156753c6f330a8eb689ef5fdbaf01496d0b144948a822c17e2c
    • SHA512: 57e9c0943eb724f2b46f6fa6c273c5da3f10c90703bcbbaaae30dd8394e54f54c48db1d14a2b1db4919cf23556e65e744556612a6e62e44ec842de0db29c62d4
    • SSDEEP: 6144:zG93dcjsHUws3C4wj+T+9tiB9Px9uco9v/Br1ykVD0ttjn6Lppx:zyr0ws3sjTiBD9uX/nTQtJsx
    • Gozi, Gozi IFSB
      Gozi ISFB is a well-known and widely distributed banking trojan.
    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks