gozi_ifsb | b467220263eeecd1540d6dd9fb7ae1d4d7a0b14cabd14d66231a5c10f8fb4205 | Triage

Sharing

General

Target

b467220263eeecd1540d6dd9fb7ae1d4d7a0b14cabd14d66231a5c10f8fb4205
Size

511KB
Sample

220930-pmykzaedgn
MD5

b168b018582b096d8cdeb8e1ebc5f6b2
SHA1

5dc6b11fc92b846963a15089cf00da43426e6f03
SHA256

b467220263eeecd1540d6dd9fb7ae1d4d7a0b14cabd14d66231a5c10f8fb4205
SHA512

9db9847ef5f8b45ee1bd347cc36c6e6cd6cd5e3e3d39f1c768ce8b9bd04ada52902e86ace8d2b20acc06955131bc1d3f941998e1486732c9a92e8fd1526f8f27
SSDEEP

6144:ATZBx+7jsPTl/N80J849j3si2Hw2Kfl0OA5P1rh/YwOnhu58jT7FWQ+ICBFQ5jym:WZP+7jsZS0r59Qw3RxjkePx

Score

10^/10

gozi_ifsb 3000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

89.41.26.99

89.45.4.102

interstarts.top

superlist.top

internetcoca.in

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  b467220263eeecd1540d6dd9fb7ae1d4d7a0b14cabd14d66231a5c10f8fb4205
- Size
  
  511KB
- MD5
  
  b168b018582b096d8cdeb8e1ebc5f6b2
- SHA1
  
  5dc6b11fc92b846963a15089cf00da43426e6f03
- SHA256
  
  b467220263eeecd1540d6dd9fb7ae1d4d7a0b14cabd14d66231a5c10f8fb4205
- SHA512
  
  9db9847ef5f8b45ee1bd347cc36c6e6cd6cd5e3e3d39f1c768ce8b9bd04ada52902e86ace8d2b20acc06955131bc1d3f941998e1486732c9a92e8fd1526f8f27
- SSDEEP
  
  6144:ATZBx+7jsPTl/N80J849j3si2Hw2Kfl0OA5P1rh/YwOnhu58jT7FWQ+ICBFQ5jym:WZP+7jsZS0r59Qw3RxjkePx
Score

10^/10

gozi_ifsb 3000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3000bankertrojan

behavioral2

gozi_ifsb3000bankertrojan