gozi_ifsb | 3b64b1a741c4181a4e336a441df6731fab9ce2ea9ecddb012ca0b089a05c97ec | Triage

Sharing

General

Target

SquirrelsFlow_beta.zip
Size

5.0MB
Sample

221002-rr253aaeg9
MD5

25d96e31d1f4a471df1a77b972a99541
SHA1

7ba59f397d8dc3e04a8ceaa7b1e6260f5ddd108b
SHA256

3b64b1a741c4181a4e336a441df6731fab9ce2ea9ecddb012ca0b089a05c97ec
SHA512

3063b49602c016b4825ef48dbc2762970741e3c29d4eded5bb24efe1542a7a8072f18eb393ef9c32431629d24eac0e83f813917d459c2ad8138d6e5729990090
SSDEEP

98304:CJJWpYoKS3eLgXUgEjk8fzeoBEIiLrCdPnOHMHAXO52Te5+HHRXveYPH5:CPW6oX33kk8r1KLrCdPn2dOgT0+zPZ

Score

10^/10

gozi_ifsb banker spyware trojan

Malware Config

Targets

- Target
  
  launcher v5.7.1.exe
- Size
  
  730.3MB
- MD5
  
  3608a41ad4e6bb97ac03dde57e1cdbee
- SHA1
  
  053b82d307d1d37b8edecefeb7db519a4d543261
- SHA256
  
  040d15a2ef782301ffbcdf4f2a1d7b810a9be14d2f94bdfa3eb65255239ad359
- SHA512
  
  efc7962c069ff00b6d245d41b5a23557f53bfb8a95e970577d6bf3662ab9de8281524dc70e2fb0a3b2ac7a0f7920b4ed51573e283138dacaba3b7c264a823c6c
- SSDEEP
  
  98304:TaJFGc5256dZjYLEkV9SeajZwsAq/04ahg6pJ7JRkR5Q:Wn5XnYlfNaahgsJ
Score

10^/10

gozi_ifsb banker spyware trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerspywaretrojan

behavioral2

gozi_ifsbbankerspywaretrojan

behavioral3

gozi_ifsbbankerspywaretrojan