gozi_ifsb | 5a8f5497f864beac188b72f77b22e1cbc1ecbb476e53c14403bd5a69515a2670 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5a.exe

windows7-x64

5a.exe

windows10-2004-x64

Analysis

max time kernel
127s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2022, 08:37

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5a.exe

Resource

win7-20220812-en

gozi_ifsb 5000 banker trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a.exe

Resource

win10v2004-20220812-en

gozi_ifsb 5000 banker trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

5a.exe
Size

37KB
MD5

41e2c611cc3f2f29f9f49d0b08ff848e
SHA1

8fea009ecbf72d09559d98d60a624b5ab83f5523
SHA256

5a8f5497f864beac188b72f77b22e1cbc1ecbb476e53c14403bd5a69515a2670
SHA512

acb39af622cc0087ca01480033a247f0a7ba251071a1904983f95a80448fff005a382c68d8887ad0624860625167c56f0d9d8f3efe63ea104819706684349b1d
SSDEEP

768:StGIijUZMyqHPJUm0Po/zUNRUPDOn67IvkvQA1j4i9Aju8Xw:UZi55PJegLUNRUrAnA1j4

Score

10^/10

gozi_ifsb 5000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Processes

C:\Users\Admin\AppData\Local\Temp\5a.exe
"C:\Users\Admin\AppData\Local\Temp\5a.exe"
1⤵
PID:4244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4244-132-0x0000000000870000-0x000000000087D000-memory.dmp

Filesize
52KB

Download

© 2018-2025

Terms | Privacy