gozi_ifsb | 64a6b3f1924ebcd8d162482001721ee6459e23811055b6d9d79c8db2d7af327f | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-09-2022 07:17

Sharing

Report Analysis Logs

General

Target

64.exe
Size

37KB
MD5

a0e3596ac737f7ca98538a1479e4cdd1
SHA1

b312eacda77ec55e6fb9fb62ab0b756ca50d8201
SHA256

64a6b3f1924ebcd8d162482001721ee6459e23811055b6d9d79c8db2d7af327f
SHA512

d67f340c9147f314e41e72c3a002ce6c22a538422f50f707b599b54458d7bf7db4824a748c249d8438e831a8b5bd0ca568cc2d23cedac32ad16f42c43b929d9a
SSDEEP

768:V41V8UHIm2qyiBMoxKRZsLgY5AQnkcgIHAs5Tdh77k3mNrow5:VefIZqtBR6Zsd5U8f5xhfk3eo

Score

10^/10

gozi_ifsb 200000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

200000

C2

trackingg-protectioon.cdn1.mozilla.net

45.8.158.104

188.127.224.114

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

iujdhsndjfks.com

Attributes

base_path
/uploaded/
build
250240
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\64.exe
"C:\Users\Admin\AppData\Local\Temp\64.exe"
1⤵
PID:1576

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-54-0x0000000000030000-0x000000000003D000-memory.dmp

Filesize
52KB

Download