gozi_ifsb | 6b722961edc010c5487de4ef7eee84b586ac3c3f06dbd1920935ea5f7bb90543 | Triage

Sharing

General

Target

Lx6.exe
Size

37KB
Sample

221011-p2cbaaegem
MD5

3b892bea0f8cbe0b61ee380743567d1d
SHA1

90522132e3a97e966e5270a8e105cc33f0d6c4e5
SHA256

6b722961edc010c5487de4ef7eee84b586ac3c3f06dbd1920935ea5f7bb90543
SHA512

120c7f3d22858dd7cb02f67bf6ff38dd9ba1f32d6fdfe18c7f9dde76ab20b435f98f4e4e54b7967422755cb6dedf0c575d360a1339c3a4cff69f556647045e3b
SSDEEP

768:Z41V8UHIm2wyBdcNtW2RTYBfx6w39rDE3Lkjx2K/ZK38ua:ZefIZwAdeD8B56w39HE384h38

Score

10^/10

gozi_ifsb 1900 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1900

C2

tel12.msn.com

194.76.225.60

185.212.47.133

Attributes

base_path
/doorway/
build
250240
exe_type
loader
extension
.drr
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Lx6.exe
- Size
  
  37KB
- MD5
  
  3b892bea0f8cbe0b61ee380743567d1d
- SHA1
  
  90522132e3a97e966e5270a8e105cc33f0d6c4e5
- SHA256
  
  6b722961edc010c5487de4ef7eee84b586ac3c3f06dbd1920935ea5f7bb90543
- SHA512
  
  120c7f3d22858dd7cb02f67bf6ff38dd9ba1f32d6fdfe18c7f9dde76ab20b435f98f4e4e54b7967422755cb6dedf0c575d360a1339c3a4cff69f556647045e3b
- SSDEEP
  
  768:Z41V8UHIm2wyBdcNtW2RTYBfx6w39rDE3Lkjx2K/ZK38ua:ZefIZwAdeD8B56w39HE384h38
Score

10^/10

gozi_ifsb 1900 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1900bankertrojan

behavioral2

gozi_ifsb1900bankertrojan