gozi_ifsb | 24516dd388a074b37feb07fab5a6b790a59a934c01ad8f2c133c70418d835b8c | Triage

Sharing

General

Target

8175696516.zip
Size

67KB
Sample

221018-xd2j9sgga2
MD5

5144a74c72da2219d5546d61a01daaef
SHA1

0a365f7de95ff2a7725eaef6e4a2f36d83583179
SHA256

24516dd388a074b37feb07fab5a6b790a59a934c01ad8f2c133c70418d835b8c
SHA512

6295e2d58523a4502b577e97bd4596c6db952043c476d16da99b756057657b1de28c9c170e7498ec8150b1a785242b1d8eec929a294509b4410b61323bb550a5
SSDEEP

1536:Y5ePw1yQ6McuwMbx9RcF04rG2+DcXf8av1XMXux6XB73wgrKQ:YkIMQ6McubexgDw8GeXux6Xl3wgrJ

Score

10^/10

gozi_ifsb 5000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

config.edge.skype.com

onlinetwork.top

linetwork.top

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  b51f67e67847ed20c75ef9bc8e057f0d93e2fa62bdf1df1a87d3f772603a59ff
- Size
  
  116KB
- MD5
  
  098e2b15bb37766a99b7bec04c504b78
- SHA1
  
  03ab72c389de1ce28605605a6fa0448802124f78
- SHA256
  
  b51f67e67847ed20c75ef9bc8e057f0d93e2fa62bdf1df1a87d3f772603a59ff
- SHA512
  
  035583149c9525cfe6a0019d3a64776bba5d483a6c118460d63f89f1bb9b055333401bfae8eb7e2492f34ca1650453bf19b003738b6e3d730db700f8e7095ecf
- SSDEEP
  
  3072:F14Nm3YTyii7bLYB0s7+Ec7V6bW2nnW6rifrQc1+lUmT:PvawYB0v72n6rQA+b
Score

10^/10

gozi_ifsb 5000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5000bankertrojan

behavioral2

gozi_ifsb5000bankertrojan