gozi_ifsb | 4de0201aa4121f4f87ff7088f5705f2df799e857ca77f31a46f7a83297e6c85c | Triage

Resubmissions

23-09-2022 14:22

220923-rpte5saedn 10

23-09-2022 14:16

220923-rlj3ashba8 10

Sharing

General

Target

8072276119.zip
Size

32KB
Sample

220923-rpte5saedn
MD5

9da113cb426ba6e34af9a0381872384b
SHA1

386205b8948eb97547f1b24377af4c063d73f694
SHA256

4de0201aa4121f4f87ff7088f5705f2df799e857ca77f31a46f7a83297e6c85c
SHA512

4eeb67b4a7cf8586ad1ba48ad8c222a39e9027a1e346ca36fc6f4fc17e08815a1b71a21922d09c998d4d7b22fa5dc74c39accf22527769d9d1b0af0ea277da0b
SSDEEP

768:fQWnPBTOHawIbwxmAlOcsEfcmKlcei5wGcnN9VRp7slSIm:fQWn9fwIbW3EcsEfcmmgbcJP7sY

Score

10^/10

gozi_ifsb 10101 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10101

C2

trackingg-protectioon.cdn1.mozilla.net

45.8.158.104

188.127.224.114

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

iujdhsndjfks.com

Attributes

base_path
/uploaded/
build
250246
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef
- Size
  
  37KB
- MD5
  
  ae3d7de4671718a92cdceae507d9c5e2
- SHA1
  
  1bc85809ddd4411897232c691a2c866f5db67175
- SHA256
  
  1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef
- SHA512
  
  bb9433baa53b018356e5e164c05196a0d29213466b8ad4caf428636977b829406a01be258b5560e8c4fd69e646f564867131ba52cde860cc9d6add3c8989e488
- SSDEEP
  
  768:eQLm41fM01vAPyRPq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiuMPc:eL41fMSvGAPqlaPGhVMq2LpeReOb2Pmi
Score

10^/10

gozi_ifsb 10101 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb10101bankertrojan

behavioral2

gozi_ifsb10101bankertrojan