gozi_ifsb | 893ba03135a5e8e53d4413ae269f85cab2dd56b451bd99cc233064df402d3f84 | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-09-2022 08:01

Sharing

Report Analysis Logs

General

Target

89.exe
Size

37KB
MD5

6fd188840e7d734b23a5b22ae7eb0e6d
SHA1

d156adc662164a272c8a70ac013cae8b9dfdf6fb
SHA256

893ba03135a5e8e53d4413ae269f85cab2dd56b451bd99cc233064df402d3f84
SHA512

c63eb0695e5dc2dc8b643a8c7cbd4c499be9ad6236d8792f5ec1ac4ad6bc22b82e8aa01f6a859240151e8534f920cf71e45123a424ee1efa8178cc813464b2c1
SSDEEP

768:SsdUYVI40pItPyDOXXQepWOr60DiREQwFepXBkiKbXuDtcSqDZKkCIof:jFVI4ttPbmOr5iREh8jpDuAFIof

Score

10^/10

gozi_ifsb 1200 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1200

C2

anrfrm.msn.com

194.76.225.90

msggi.msn.com

194.76.225.56

194.76.225.91

Attributes

base_path
/zerobin/
build
250239
exe_type
loader
extension
.bon
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\89.exe
"C:\Users\Admin\AppData\Local\Temp\89.exe"
1⤵
PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-54-0x0000000000030000-0x000000000003D000-memory.dmp

Filesize
52KB

Download