gozi_ifsb | 8a7f259ecd7479314c5bd6e449a7b77f76173d4e636075f99a0b8eb765d3573a | Triage

Sharing

General

Target

8a.exe
Size

37KB
Sample

220923-h8dz5ahdgr
MD5

2aa94a6251fd3fba8c103ccf82d81879
SHA1

c5c09029fd15ee2faa0f5b8bdcab61f4ecba5858
SHA256

8a7f259ecd7479314c5bd6e449a7b77f76173d4e636075f99a0b8eb765d3573a
SHA512

91ef92500c4e221be8a5a74b7f8a6329b22cbd547e0afa9b658b7a7d29bfb9a050ca1a29d34a85ae184501d916498a643966211fd920e80e6d66099f77433a9b
SSDEEP

768:usdUYVI40pItlyIwsiFStoXIwJag6kUL7rpM7Pokx88hsUA:HFVI4ttlliYWRJYLPG0kRNA

Score

10^/10

gozi_ifsb 20000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

20000

C2

trackingg-protectioon.cdn1.mozilla.net

185.240.103.79

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

Attributes

base_path
/uploaded/
build
250239
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  8a.exe
- Size
  
  37KB
- MD5
  
  2aa94a6251fd3fba8c103ccf82d81879
- SHA1
  
  c5c09029fd15ee2faa0f5b8bdcab61f4ecba5858
- SHA256
  
  8a7f259ecd7479314c5bd6e449a7b77f76173d4e636075f99a0b8eb765d3573a
- SHA512
  
  91ef92500c4e221be8a5a74b7f8a6329b22cbd547e0afa9b658b7a7d29bfb9a050ca1a29d34a85ae184501d916498a643966211fd920e80e6d66099f77433a9b
- SSDEEP
  
  768:usdUYVI40pItlyIwsiFStoXIwJag6kUL7rpM7Pokx88hsUA:HFVI4ttlliYWRJYLPG0kRNA
Score

10^/10

gozi_ifsb 20000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb20000bankertrojan

behavioral2

gozi_ifsb20000bankertrojan