gozi_ifsb | 1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef | Triage

Resubmissions

28-09-2022 18:52

220928-xh5gqaggg5 10

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-09-2022 18:52

Sharing

Report Analysis Logs

General

Target

d2ef5.exe
Size

37KB
MD5

ae3d7de4671718a92cdceae507d9c5e2
SHA1

1bc85809ddd4411897232c691a2c866f5db67175
SHA256

1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef
SHA512

bb9433baa53b018356e5e164c05196a0d29213466b8ad4caf428636977b829406a01be258b5560e8c4fd69e646f564867131ba52cde860cc9d6add3c8989e488
SSDEEP

768:eQLm41fM01vAPyRPq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiuMPc:eL41fMSvGAPqlaPGhVMq2LpeReOb2Pmi

Score

10^/10

gozi_ifsb 10101 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10101

C2

trackingg-protectioon.cdn1.mozilla.net

45.8.158.104

188.127.224.114

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

iujdhsndjfks.com

Attributes

base_path
/uploaded/
build
250246
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

C:\Users\Admin\AppData\Local\Temp\d2ef5.exe
"C:\Users\Admin\AppData\Local\Temp\d2ef5.exe"
1⤵
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-54-0x0000000000030000-0x000000000003D000-memory.dmp

Filesize
52KB

Download