gozi_ifsb | 4885e5e312f4ebbb9bb5f5e70cbdc92c67e7cc66dd62a8f4c20a5c1b55a35f9f | Triage

Sharing

General

Target

4885e5e312f4ebbb9bb5f5e70cbdc92c67e7cc66dd62a8f4c20a5c1b55a35f9f
Size

540KB
Sample

221002-2a5jzaegaq
MD5

70cc37cc89d0f613a1fa409a1bffc350
SHA1

dce71bee375f8ee4e7730eb68f9d51617901af81
SHA256

4885e5e312f4ebbb9bb5f5e70cbdc92c67e7cc66dd62a8f4c20a5c1b55a35f9f
SHA512

9393a15d51f15c739dc4a407fb1a6de9eecb3cb234784ca5fd3ce19c4e4184a87e4a512f6bbdfa739e45b053c1c884669ccbfb05d36165fbeeb7cda60100c080
SSDEEP

12288:uUTesvIetT+PCk/96zLzxGb4+Ams9dsjtCm09GQByhJiC7zx3dVxfcHZVO:jfk/af13spF0Pkoc37GHZc

Score

10^/10

gozi_ifsb 3002 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3002

C2

volaya.ru

mankiza.ru

blog.click-catalog.ru

news.new-webs.ru

new-run.cc

new-run.pk

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4885e5e312f4ebbb9bb5f5e70cbdc92c67e7cc66dd62a8f4c20a5c1b55a35f9f
- Size
  
  540KB
- MD5
  
  70cc37cc89d0f613a1fa409a1bffc350
- SHA1
  
  dce71bee375f8ee4e7730eb68f9d51617901af81
- SHA256
  
  4885e5e312f4ebbb9bb5f5e70cbdc92c67e7cc66dd62a8f4c20a5c1b55a35f9f
- SHA512
  
  9393a15d51f15c739dc4a407fb1a6de9eecb3cb234784ca5fd3ce19c4e4184a87e4a512f6bbdfa739e45b053c1c884669ccbfb05d36165fbeeb7cda60100c080
- SSDEEP
  
  12288:uUTesvIetT+PCk/96zLzxGb4+Ams9dsjtCm09GQByhJiC7zx3dVxfcHZVO:jfk/af13spF0Pkoc37GHZc
Score

10^/10

gozi_ifsb 3002 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3002bankertrojan

behavioral2

gozi_ifsb3002bankertrojan