gozi_ifsb | 6865af3f02609dcdd2e339d3bf262682c3d3d4ab8e842254f7651f473bdcac3f | Triage

Sharing

General

Target

SquirrelsFlow_beta.rar
Size

4.1MB
Sample

221002-sf581sdcdn
MD5

02c0d12bbff54248e4d07b700fdc4e9e
SHA1

7ccca0d363776a3745caaa931278635d9d5c66a6
SHA256

6865af3f02609dcdd2e339d3bf262682c3d3d4ab8e842254f7651f473bdcac3f
SHA512

3419c974059d08be76cdbbec40370c7722384339acc1f3a138d25e0ad2059f8ce7278be427daee4a845b5bba757438c6e7cc4bf557f638a02cac5f231b6f5100
SSDEEP

98304:csWr94VR+yYB6e4Kfqr8VsEzpw38/FlfZCc+R2y+j6AbwS9IpmuA3mEuS:csWuiZ6e4qskH/vZCcV7j6AECIpmuA31

Score

10^/10

gozi_ifsb banker spyware trojan

Malware Config

Targets

- Target
  
  SquirrelsFlow_beta/launcher v5.7.1.exe
- Size
  
  730.3MB
- MD5
  
  3608a41ad4e6bb97ac03dde57e1cdbee
- SHA1
  
  053b82d307d1d37b8edecefeb7db519a4d543261
- SHA256
  
  040d15a2ef782301ffbcdf4f2a1d7b810a9be14d2f94bdfa3eb65255239ad359
- SHA512
  
  efc7962c069ff00b6d245d41b5a23557f53bfb8a95e970577d6bf3662ab9de8281524dc70e2fb0a3b2ac7a0f7920b4ed51573e283138dacaba3b7c264a823c6c
- SSDEEP
  
  98304:TaJFGc5256dZjYLEkV9SeajZwsAq/04ahg6pJ7JRkR5Q:Wn5XnYlfNaahgsJ
Score

10^/10

gozi_ifsb banker spyware trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerspywaretrojan

behavioral2

gozi_ifsbbankerspywaretrojan