gozi_ifsb | 41104482c3179482dde38760607cce8fa221a12fe1271da025122e712b73043d | Triage

Sharing

General

Target

41104482c3179482dde38760607cce8fa221a12fe1271da025122e712b73043d
Size

130KB
Sample

221003-c1swescde5
MD5

4aa9b120c966fb5aba8cd8f07ae141d4
SHA1

b8dd760c1dd5cb3d789a61df0bae9f6b04f1843c
SHA256

41104482c3179482dde38760607cce8fa221a12fe1271da025122e712b73043d
SHA512

5b68e57eb37fa29634d1b5ac7ab3f33358a274aeeeedb3342631c6621b70c47647eb8f257779bb66c2c02ec2529ea3e13a674d65507165ff54affdf07ebf74c2
SSDEEP

1536:TOVGKPzV1EoUNXUfsCAIGoakw9G4+mvIFqdZE7mGy7xnhPGWUKMl9Lskssjd3s:TEGsz3FwoNw9D+mvIFIE7mGy9hkoij6

Score

10^/10

gozi_ifsb banker persistence trojan

Malware Config

Targets

- Target
  
  41104482c3179482dde38760607cce8fa221a12fe1271da025122e712b73043d
- Size
  
  130KB
- MD5
  
  4aa9b120c966fb5aba8cd8f07ae141d4
- SHA1
  
  b8dd760c1dd5cb3d789a61df0bae9f6b04f1843c
- SHA256
  
  41104482c3179482dde38760607cce8fa221a12fe1271da025122e712b73043d
- SHA512
  
  5b68e57eb37fa29634d1b5ac7ab3f33358a274aeeeedb3342631c6621b70c47647eb8f257779bb66c2c02ec2529ea3e13a674d65507165ff54affdf07ebf74c2
- SSDEEP
  
  1536:TOVGKPzV1EoUNXUfsCAIGoakw9G4+mvIFqdZE7mGy7xnhPGWUKMl9Lskssjd3s:TEGsz3FwoNw9D+mvIFIE7mGy9hkoij6
Score

10^/10

gozi_ifsb banker persistence trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerpersistencetrojan

behavioral2