gozi_ifsb | 61c6ff9e901b61276f7c5ef88d8701d0fd91e47f9fe8e595ae95db15d045886f | Triage

Sharing

General

Target

aaa.dll
Size

504KB
Sample

220930-e77z2acee4
MD5

67244049c813463470ac52fe63f481a7
SHA1

8409160722d827f1112763478eb989770e0f6437
SHA256

61c6ff9e901b61276f7c5ef88d8701d0fd91e47f9fe8e595ae95db15d045886f
SHA512

933abecad550a05313a1b7b260624c059762b342db357cc951c60b7d469a949363bd1e8a2721f83cb884425d40f754d693ae2ae61c04e08e1abab07dd8359e8b
SSDEEP

6144:eEZjSPANWjOuuPdo4JrNOiduRVBVSjcdZ0nPjlv7oMLo7490BszloJ5ICZO/+:RdlJOkuRVfa48LljoMLoE90Co5dL

Score

10^/10

gozi_ifsb 3000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

89.41.26.99

89.45.4.102

193.106.191.163

interstarts.top

superlist.top

internetcoca.in

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  aaa.dll
- Size
  
  504KB
- MD5
  
  67244049c813463470ac52fe63f481a7
- SHA1
  
  8409160722d827f1112763478eb989770e0f6437
- SHA256
  
  61c6ff9e901b61276f7c5ef88d8701d0fd91e47f9fe8e595ae95db15d045886f
- SHA512
  
  933abecad550a05313a1b7b260624c059762b342db357cc951c60b7d469a949363bd1e8a2721f83cb884425d40f754d693ae2ae61c04e08e1abab07dd8359e8b
- SSDEEP
  
  6144:eEZjSPANWjOuuPdo4JrNOiduRVBVSjcdZ0nPjlv7oMLo7490BszloJ5ICZO/+:RdlJOkuRVfa48LljoMLoE90Co5dL
Score

10^/10

gozi_ifsb 3000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3000bankertrojan

behavioral2

gozi_ifsb3000bankertrojan