gozi_ifsb | 265b2bddff25ec6028a79f4b4163e6907c342fd543e81caa19bc51d1a277509a | Triage

Submit
Reports

Overview

overview

Static

static

26.exe

windows7-x64

26.exe

windows10-2004-x64

Analysis

max time kernel
103s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2022, 08:35

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

26.exe

Resource

win7-20220812-en

gozi_ifsb 5001 banker trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

26.exe

Resource

win10v2004-20220812-en

gozi_ifsb 5001 banker trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

26.exe
Size

37KB
MD5

856df3bff4296836aad8c580fd7ff89b
SHA1

4bc3224e123cb07a728b30112c7e4bec5853659f
SHA256

265b2bddff25ec6028a79f4b4163e6907c342fd543e81caa19bc51d1a277509a
SHA512

d496206d396c3fbcb3be9bba2118481c38f21cd53f605ba1e709a51c4044e8c58baf69ae6d1e2d5012630f6de33890bcf63f2c4d9cc69ddecc8e150b0932b0a5
SSDEEP

768:dtGIijUZ/yV2ppYTIG4iSEDHaFA3rIKIt907wKZ:3ZiqlppYTn/HDHX/JZ

Score

10^/10

gozi_ifsb 5001 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5001

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\26.exe
"C:\Users\Admin\AppData\Local\Temp\26.exe"
1⤵
PID:4904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4904-132-0x00000000005E0000-0x00000000005ED000-memory.dmp

Filesize
52KB

Download

© 2018-2025

Terms | Privacy