gozi_ifsb | c0e28d4e88c59688657c839c344e6c1289002ef0ba461ebbf3cd4b75949312e9 | Triage

Sharing

General

Target

c0.exe
Size

37KB
Sample

220926-qvnw6scbaq
MD5

e1f3b1b510e7c2d9c5606e524d20ed4b
SHA1

b61b6575974fd8e427a0bf15970d99a4b4dd8440
SHA256

c0e28d4e88c59688657c839c344e6c1289002ef0ba461ebbf3cd4b75949312e9
SHA512

50dbd2a22a2ee38a3be7163a539dc9d584a471eef8e443441fbbc48ffe58b35bddbe3256d21c71ea004688058e37e0692fa565f5a2c7a3c1c84910c5b39b4179
SSDEEP

768:/QLm41fM01vAIyRCq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiut:/L41fMSvxACqlaPGhVMq2LpeReOb2Pmr

Score

10^/10

gozi_ifsb 10103 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10103

C2

trackingg-protectioon.cdn1.mozilla.net

45.8.158.104

188.127.224.114

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

iujdhsndjfks.com

Attributes

base_path
/uploaded/
build
250246
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  c0.exe
- Size
  
  37KB
- MD5
  
  e1f3b1b510e7c2d9c5606e524d20ed4b
- SHA1
  
  b61b6575974fd8e427a0bf15970d99a4b4dd8440
- SHA256
  
  c0e28d4e88c59688657c839c344e6c1289002ef0ba461ebbf3cd4b75949312e9
- SHA512
  
  50dbd2a22a2ee38a3be7163a539dc9d584a471eef8e443441fbbc48ffe58b35bddbe3256d21c71ea004688058e37e0692fa565f5a2c7a3c1c84910c5b39b4179
- SSDEEP
  
  768:/QLm41fM01vAIyRCq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiut:/L41fMSvxACqlaPGhVMq2LpeReOb2Pmr
Score

10^/10

gozi_ifsb 10103 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozi_ifsb10103bankertrojan