gozi_ifsb | 265b2bddff25ec6028a79f4b4163e6907c342fd543e81caa19bc51d1a277509a | Triage

Sharing

General

Target

26.exe
Size

37KB
Sample

220923-kg1e6ahfdp
MD5

856df3bff4296836aad8c580fd7ff89b
SHA1

4bc3224e123cb07a728b30112c7e4bec5853659f
SHA256

265b2bddff25ec6028a79f4b4163e6907c342fd543e81caa19bc51d1a277509a
SHA512

d496206d396c3fbcb3be9bba2118481c38f21cd53f605ba1e709a51c4044e8c58baf69ae6d1e2d5012630f6de33890bcf63f2c4d9cc69ddecc8e150b0932b0a5
SSDEEP

768:dtGIijUZ/yV2ppYTIG4iSEDHaFA3rIKIt907wKZ:3ZiqlppYTn/HDHX/JZ

Score

10^/10

gozi_ifsb 5001 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5001

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  26.exe
- Size
  
  37KB
- MD5
  
  856df3bff4296836aad8c580fd7ff89b
- SHA1
  
  4bc3224e123cb07a728b30112c7e4bec5853659f
- SHA256
  
  265b2bddff25ec6028a79f4b4163e6907c342fd543e81caa19bc51d1a277509a
- SHA512
  
  d496206d396c3fbcb3be9bba2118481c38f21cd53f605ba1e709a51c4044e8c58baf69ae6d1e2d5012630f6de33890bcf63f2c4d9cc69ddecc8e150b0932b0a5
- SSDEEP
  
  768:dtGIijUZ/yV2ppYTIG4iSEDHaFA3rIKIt907wKZ:3ZiqlppYTn/HDHX/JZ
Score

10^/10

gozi_ifsb 5001 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5001bankertrojan

behavioral2

gozi_ifsb5001bankertrojan