gozi_ifsb | c0d1572f5c6a11dca488ae3c1ce49cedfb75c52eead502674808918f020cdacf | Triage

Sharing

General

Target

c0.exe
Size

37KB
Sample

220923-jx9s4ahecl
MD5

47409e7211c5c536453d8cef78545837
SHA1

4af95246987dbd57b981f93ebf8cfa606c83e21d
SHA256

c0d1572f5c6a11dca488ae3c1ce49cedfb75c52eead502674808918f020cdacf
SHA512

3f9988912f4f235596cf5c44b1825c68ec84643ec9c42b277b7cf6ef361472c88f63932a19010b944ed2594faa7210723487d1c55c93847dc1f1fb62d8b388eb
SSDEEP

768:ttGIijUZLyCJ80BErJ6MaxBJebSgNtKAwMZQ/qFf24F:HZimg0Y0FJeWgNtK+Z4q

Score

10^/10

gozi_ifsb 5002 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5002

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  c0.exe
- Size
  
  37KB
- MD5
  
  47409e7211c5c536453d8cef78545837
- SHA1
  
  4af95246987dbd57b981f93ebf8cfa606c83e21d
- SHA256
  
  c0d1572f5c6a11dca488ae3c1ce49cedfb75c52eead502674808918f020cdacf
- SHA512
  
  3f9988912f4f235596cf5c44b1825c68ec84643ec9c42b277b7cf6ef361472c88f63932a19010b944ed2594faa7210723487d1c55c93847dc1f1fb62d8b388eb
- SSDEEP
  
  768:ttGIijUZLyCJ80BErJ6MaxBJebSgNtKAwMZQ/qFf24F:HZimg0Y0FJeWgNtK+Z4q
Score

10^/10

gozi_ifsb 5002 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5002bankertrojan

behavioral2

gozi_ifsb5002bankertrojan