gozi_ifsb | e92ea15fc56fd7017c12c15a7054b660a306efcb3779c2798473094c301ea5e4 | Triage

Sharing

General

Target

e92ea15fc56fd7017c12c15a7054b660a306efcb3779c2798473094c301ea5e4
Size

313KB
Sample

221013-yhsctsbeep
MD5

61d5d1308d1969c0f76d0d225022f610
SHA1

03aa38d4b68abfc1a6b5af284077cc441ef80d23
SHA256

e92ea15fc56fd7017c12c15a7054b660a306efcb3779c2798473094c301ea5e4
SHA512

7a50baeaf13fd83031682b3fddafc07f461481bf02094ce51650ee85a9c1324bac0d6199eb82971eb3e96cb6a0bee6c809709f79aed9c7802abfb2eb25374f31
SSDEEP

6144:V/p+AsQg6UfzVrNNeGAVIjbnXclYSnKcHolk:p4RjKG3p9lk

Score

10^/10

gozi_ifsb banker trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
qwas.aiq.ru
Port:
21
Username:
u368737
Password:
vjtn4zsp

Targets

- Target
  
  e92ea15fc56fd7017c12c15a7054b660a306efcb3779c2798473094c301ea5e4
- Size
  
  313KB
- MD5
  
  61d5d1308d1969c0f76d0d225022f610
- SHA1
  
  03aa38d4b68abfc1a6b5af284077cc441ef80d23
- SHA256
  
  e92ea15fc56fd7017c12c15a7054b660a306efcb3779c2798473094c301ea5e4
- SHA512
  
  7a50baeaf13fd83031682b3fddafc07f461481bf02094ce51650ee85a9c1324bac0d6199eb82971eb3e96cb6a0bee6c809709f79aed9c7802abfb2eb25374f31
- SSDEEP
  
  6144:V/p+AsQg6UfzVrNNeGAVIjbnXclYSnKcHolk:p4RjKG3p9lk
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2