gozi_ifsb | 5a8f5497f864beac188b72f77b22e1cbc1ecbb476e53c14403bd5a69515a2670 | Triage

Sharing

General

Target

5a.exe
Size

37KB
Sample

220923-kh5q9shfel
MD5

41e2c611cc3f2f29f9f49d0b08ff848e
SHA1

8fea009ecbf72d09559d98d60a624b5ab83f5523
SHA256

5a8f5497f864beac188b72f77b22e1cbc1ecbb476e53c14403bd5a69515a2670
SHA512

acb39af622cc0087ca01480033a247f0a7ba251071a1904983f95a80448fff005a382c68d8887ad0624860625167c56f0d9d8f3efe63ea104819706684349b1d
SSDEEP

768:StGIijUZMyqHPJUm0Po/zUNRUPDOn67IvkvQA1j4i9Aju8Xw:UZi55PJegLUNRUrAnA1j4

Score

10^/10

gozi_ifsb 5000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  5a.exe
- Size
  
  37KB
- MD5
  
  41e2c611cc3f2f29f9f49d0b08ff848e
- SHA1
  
  8fea009ecbf72d09559d98d60a624b5ab83f5523
- SHA256
  
  5a8f5497f864beac188b72f77b22e1cbc1ecbb476e53c14403bd5a69515a2670
- SHA512
  
  acb39af622cc0087ca01480033a247f0a7ba251071a1904983f95a80448fff005a382c68d8887ad0624860625167c56f0d9d8f3efe63ea104819706684349b1d
- SSDEEP
  
  768:StGIijUZMyqHPJUm0Po/zUNRUPDOn67IvkvQA1j4i9Aju8Xw:UZi55PJegLUNRUrAnA1j4
Score

10^/10

gozi_ifsb 5000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5000bankertrojan

behavioral2

gozi_ifsb5000bankertrojan