gozi_ifsb | 4e9c392b5532fd3823e854c4db17212b392d41c0f3310021022d9cbf1bca8658 | Triage

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23/09/2022, 07:21

Sharing

Report Analysis Logs

General

Target

4e.exe
Size

37KB
MD5

ff981f29daba877bc365211aabfe8801
SHA1

f9d94bb62c230210afdde498ec0b0c119edb3466
SHA256

4e9c392b5532fd3823e854c4db17212b392d41c0f3310021022d9cbf1bca8658
SHA512

14740e902bec6ebe8fafd62b8042d087888a35f4f7906c13723fe8c85f48fb5cc65aa37222404d0b641ba60c37fa44aeea03bfd12fd37dc1d832fd13e2c48d43
SSDEEP

768:WtGIijUZYyyS3LaihVw8X/vrJEKmK9FhbYaMx4LqLriNdDAVGYRa09BV31C:gZi947aivwmrJEKmK9VMxWOrMd4X7p

Score

10^/10

gozi_ifsb 1900 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1900

C2

tel.msn.com

194.76.225.60

185.212.47.133

Attributes

base_path
/doorway/
build
250235
exe_type
loader
extension
.drr
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\4e.exe
"C:\Users\Admin\AppData\Local\Temp\4e.exe"
1⤵
PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1760-54-0x0000000000030000-0x000000000003D000-memory.dmp

Filesize
52KB

Download