gozi_ifsb | 8c340810b289bb9addfc9edb7c6dcd47d9f990135bac7b43406a985383b71da1 | Triage

Sharing

General

Target

8c340810b289bb9addfc9edb7c6dcd47d9f990135bac7b43406a985383b71da1
Size

237KB
Sample

221012-25grdsgdbp
MD5

7828f04aee05ad7e4347a68c431b1fb1
SHA1

1ef468bd21702883264cf01fc7412ba681713ccc
SHA256

8c340810b289bb9addfc9edb7c6dcd47d9f990135bac7b43406a985383b71da1
SHA512

953d1d7cab60bf73b840a4c5c7b0f24ffc8f7a3cca62595ba933a9a4a590f7549a62fc839ebfdab2d152804b3f1eb876c47553e05451d71f5ac1d7bb9cdbef4c
SSDEEP

6144:1QmqVJbaflmsnFJlJfn5WsR4t5n3jJ9ZMjvA5wG:1GnKF1f5W24t5t9Z2vA

Score

10^/10

gozi_ifsb 3 banker persistence trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3

C2

rootapi.su

root-api.su

rootapigoogle.su

rootapi-google.su

root-apigoogle.su

rootgoogle.su

root-google.su

rootgoogleapi.su

rootgoogle-api.su

root-googleapi.su

91.226.212.148

Attributes

exe_type
worker

rsa_pubkey.plain

Targets

- Target
  
  8c340810b289bb9addfc9edb7c6dcd47d9f990135bac7b43406a985383b71da1
- Size
  
  237KB
- MD5
  
  7828f04aee05ad7e4347a68c431b1fb1
- SHA1
  
  1ef468bd21702883264cf01fc7412ba681713ccc
- SHA256
  
  8c340810b289bb9addfc9edb7c6dcd47d9f990135bac7b43406a985383b71da1
- SHA512
  
  953d1d7cab60bf73b840a4c5c7b0f24ffc8f7a3cca62595ba933a9a4a590f7549a62fc839ebfdab2d152804b3f1eb876c47553e05451d71f5ac1d7bb9cdbef4c
- SSDEEP
  
  6144:1QmqVJbaflmsnFJlJfn5WsR4t5n3jJ9ZMjvA5wG:1GnKF1f5W24t5t9Z2vA
Score

10^/10

gozi_ifsb 3 banker trojan persistence
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsb3bankertrojan

behavioral2

gozi_ifsb3bankerpersistencetrojan