gozi_ifsb | f370ff21c450924ef96d5a78576693c6139ce208c270a45178c9ecbf3637ffb7 | Triage

Sharing

General

Target

8209336365.zip
Size

226KB
Sample

221019-jr1y1afae4
MD5

7282076f4e91f0c08b386d1c8a0057ff
SHA1

7146478f3642b6f00a5258c81ca544aaee2a2bcf
SHA256

f370ff21c450924ef96d5a78576693c6139ce208c270a45178c9ecbf3637ffb7
SHA512

7ce4afc031f6578ee3eb88b596d311d750461b034300a87ef40fb1af74db76c41f4efae74762383559c668b126653c14b152dab40c249a5ba5ff7c8939992b9f
SSDEEP

6144:9u+QrT5mP1NRMhQgXvEwiN50paEocBGt6+5DbPX/W7kG5:0+0N21NRMhQgXvEBOw9cBGt/DD+73

Score

10^/10

gozi_ifsb 1500 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

app10.laptok.at

apt.feel500.at

init.in100k.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1dba5f321b3b289692f794c663ba008a9424f2a845f4b453e00ce0ea52450845
- Size
  
  364KB
- MD5
  
  32a1ba8b559bf66052bc2eac774696ad
- SHA1
  
  8aacf9a09a59b703d9f24afc16188eb097f32710
- SHA256
  
  1dba5f321b3b289692f794c663ba008a9424f2a845f4b453e00ce0ea52450845
- SHA512
  
  683605a70b1c808430c7f5fea10ab23fa7e064afb2bf2f8b87aeeb1cc3c71732245b9533c421125fc89a35f9020a5a88d5be6886b16a9bfb64c2118fb38bc311
- SSDEEP
  
  6144:dMMEq6F3ZmdajnNFNxGYl67WJJW5ZtxfkUWHO8QzzAc:dMMEq6l1jNHxGdyJ0XfGHWzAc
Score

10^/10

gozi_ifsb 1500 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1500bankertrojan

behavioral2

gozi_ifsb1500bankertrojan