gozi_ifsb | 437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e | Triage

Sharing

General

Target

437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e
Size

292KB
Sample

221013-q5yt5agcf6
MD5

658464a09959d753d8ac3a7e00bbf050
SHA1

5dae102745d9a1c2925b4767e450c7deb49ce60b
SHA256

437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e
SHA512

4c989f43f33631d27d3ee6ff9f92d9c0885668065738691015db43179b5aebcd3ddedf8b039ec0185ec8ed2e39fc22c0144cf1570ab437e1cf6f2ef5a1fe65c0
SSDEEP

6144:zM0XK+bjFcnvSuifgZdadHY0BrDYA/ICl4aZYYz:zMxEFIPad4sR/Ia4WY8

Score

10^/10

gozi_ifsb 599957 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

599957

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e
- Size
  
  292KB
- MD5
  
  658464a09959d753d8ac3a7e00bbf050
- SHA1
  
  5dae102745d9a1c2925b4767e450c7deb49ce60b
- SHA256
  
  437ea966d01fadbe9259375004b57942bfcfad170ba9afc470eaefb9492ee69e
- SHA512
  
  4c989f43f33631d27d3ee6ff9f92d9c0885668065738691015db43179b5aebcd3ddedf8b039ec0185ec8ed2e39fc22c0144cf1570ab437e1cf6f2ef5a1fe65c0
- SSDEEP
  
  6144:zM0XK+bjFcnvSuifgZdadHY0BrDYA/ICl4aZYYz:zMxEFIPad4sR/Ia4WY8
Score

10^/10

gozi_ifsb 599957 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb599957bankertrojan

behavioral2

gozi_ifsb599957bankertrojan