gozi_ifsb | 3b33c6b7320cf749071c7de27f11d72960557e328ce3d2902d9f25fffced2e26 | Triage

Resubmissions

26-09-2022 11:54

220926-n2xrjsaff8 10

26-09-2022 03:59

220926-ej6r3ahcf8 10

Sharing

General

Target

3b33c6b7320cf749071c7de27f11d72960557e328ce3d2902d9f25fffced2e26
Size

202KB
Sample

220926-ej6r3ahcf8
MD5

586b8563ba9e881fc97c241ce28c3caa
SHA1

8aaa74a0f161b603b6e4bb0324137c8a608c9a24
SHA256

3b33c6b7320cf749071c7de27f11d72960557e328ce3d2902d9f25fffced2e26
SHA512

12e8411d39d7c13f9800a6b5e7a4f887b2206d7a2daf6682a827f29d8f335abd1c4b446a428aa82f0740875364c2295f985b1e4349f99e8ed090bdcde5006ac0
SSDEEP

3072:1K1pVH5sm5wzrngB90nGVf2f1tIaB8OFrfg6/PkIXx:mo3gB98GVfDW

Score

10^/10

gozi_ifsb 7777 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7777

C2

trackingg-protectioon.cdn4.mozilla.net

194.76.225.37

trackingg-protectioon.cdn5.mozilla.net

185.212.44.249

109.230.199.185

Attributes

base_path
/fonts/
build
250246
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3b33c6b7320cf749071c7de27f11d72960557e328ce3d2902d9f25fffced2e26
- Size
  
  202KB
- MD5
  
  586b8563ba9e881fc97c241ce28c3caa
- SHA1
  
  8aaa74a0f161b603b6e4bb0324137c8a608c9a24
- SHA256
  
  3b33c6b7320cf749071c7de27f11d72960557e328ce3d2902d9f25fffced2e26
- SHA512
  
  12e8411d39d7c13f9800a6b5e7a4f887b2206d7a2daf6682a827f29d8f335abd1c4b446a428aa82f0740875364c2295f985b1e4349f99e8ed090bdcde5006ac0
- SSDEEP
  
  3072:1K1pVH5sm5wzrngB90nGVf2f1tIaB8OFrfg6/PkIXx:mo3gB98GVfDW
Score

10^/10

gozi_ifsb 7777 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb7777bankertrojan

behavioral2

gozi_ifsb7777bankertrojan