gozi_ifsb | adc9b4cb1e28544650105ab18a56bead0d8e2f2bbf77156683b5331b6060140d | Triage

Sharing

General

Target

adc9b4cb1e28544650105ab18a56bead0d8e2f2bbf77156683b5331b6060140d
Size

370KB
Sample

221013-vgn28sebb7
MD5

5cf7fc7c80c42516bd3854417ccf6740
SHA1

049b0b593cedc880f46436b3134b5d4783de415d
SHA256

adc9b4cb1e28544650105ab18a56bead0d8e2f2bbf77156683b5331b6060140d
SHA512

d7e7db1d4b6ee03135fd1383323880881f4efbc6254903bf78adc18fdf9c9af8730456189ef55ae2be64e695656dff57ad8c9faed574c65035d9664e318daa7d
SSDEEP

6144:is9nB3cwgQccgBs9Hu5qRY41QnMWGMRosf9WSf4VzQtwHwwnn8rVN1c:viwgQcctH8qP1QnxGioqrwfHZslc

Score

10^/10

gozi_ifsb banker bootkit persistence trojan

Malware Config

Targets

- Target
  
  adc9b4cb1e28544650105ab18a56bead0d8e2f2bbf77156683b5331b6060140d
- Size
  
  370KB
- MD5
  
  5cf7fc7c80c42516bd3854417ccf6740
- SHA1
  
  049b0b593cedc880f46436b3134b5d4783de415d
- SHA256
  
  adc9b4cb1e28544650105ab18a56bead0d8e2f2bbf77156683b5331b6060140d
- SHA512
  
  d7e7db1d4b6ee03135fd1383323880881f4efbc6254903bf78adc18fdf9c9af8730456189ef55ae2be64e695656dff57ad8c9faed574c65035d9664e318daa7d
- SSDEEP
  
  6144:is9nB3cwgQccgBs9Hu5qRY41QnMWGMRosf9WSf4VzQtwHwwnn8rVN1c:viwgQcctH8qP1QnxGioqrwfHZslc
Score

10^/10

gozi_ifsb banker bootkit persistence trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Deletes itself
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerbootkitpersistencetrojan

behavioral2