gozi_ifsb | 0a29b10924ea642679264861b1040bf5e9c881402fba8c5fbf8bbb09c942450b | Triage

Sharing

General

Target

89ec3b5cc3f5e1c742b472a53c53ac0ad9747cda
Size

630KB
Sample

221007-cb79tabce8
MD5

74db94527e0ea0dc92b2fc4c2e666bd4
SHA1

89ec3b5cc3f5e1c742b472a53c53ac0ad9747cda
SHA256

0a29b10924ea642679264861b1040bf5e9c881402fba8c5fbf8bbb09c942450b
SHA512

30db4453b25a7ef6767bf067cc5877c17c2067e2acc104caf1c50360494ee1e489ccad8e42438b8e67d631334d86d3ad9c71084b616e059b455f38f5c616296d
SSDEEP

12288:i+CDYSJ1OdWOMWx/jaKHQDla2dhzPXgNTlfRf5jPRxL7asj:ifDYSnKMWx+K2aAwllfRdH9j

Score

10^/10

gozi_ifsb 3000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

79.110.52.8

79.110.52.80

193.106.191.163

Attributes

base_path
/drew/
build
250240
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  89ec3b5cc3f5e1c742b472a53c53ac0ad9747cda
- Size
  
  630KB
- MD5
  
  74db94527e0ea0dc92b2fc4c2e666bd4
- SHA1
  
  89ec3b5cc3f5e1c742b472a53c53ac0ad9747cda
- SHA256
  
  0a29b10924ea642679264861b1040bf5e9c881402fba8c5fbf8bbb09c942450b
- SHA512
  
  30db4453b25a7ef6767bf067cc5877c17c2067e2acc104caf1c50360494ee1e489ccad8e42438b8e67d631334d86d3ad9c71084b616e059b455f38f5c616296d
- SSDEEP
  
  12288:i+CDYSJ1OdWOMWx/jaKHQDla2dhzPXgNTlfRf5jPRxL7asj:ifDYSnKMWx+K2aAwllfRdH9j
Score

10^/10

gozi_ifsb 3000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb3000bankertrojan