gozi_ifsb | 6198eac74d24a480517f7260394aedf877f56ea02c114d92a391d0f8f20f19fa | Triage

Sharing

General

Target

6198eac74d24a480517f7260394aedf877f56ea02c114d92a391d0f8f20f19fa
Size

260KB
Sample

221019-qgclzshgcp
MD5

91eb2d9acf104f68fbedad5ebee2d700
SHA1

c31b410699ed9979072db681c4815aeef7193264
SHA256

6198eac74d24a480517f7260394aedf877f56ea02c114d92a391d0f8f20f19fa
SHA512

a8a2bb6d7c7b131eb35eb02c510df6f41debca5ca26eee793bc5341dfd4dfd770f81e49888f3f9a6bae845e033784e91b5dd073f86f66f45b6ac7b264ee371eb
SSDEEP

6144:vBYgv5GKhNNGGjHDApfM+igbMAEuX7mEhoDv+tlTPD7:vBRvkKhNNP0pfM+igPLCDclT

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

C2

beenor.ru

mokopanda.ru

gonaba.ru

bedekol.ru

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6198eac74d24a480517f7260394aedf877f56ea02c114d92a391d0f8f20f19fa
- Size
  
  260KB
- MD5
  
  91eb2d9acf104f68fbedad5ebee2d700
- SHA1
  
  c31b410699ed9979072db681c4815aeef7193264
- SHA256
  
  6198eac74d24a480517f7260394aedf877f56ea02c114d92a391d0f8f20f19fa
- SHA512
  
  a8a2bb6d7c7b131eb35eb02c510df6f41debca5ca26eee793bc5341dfd4dfd770f81e49888f3f9a6bae845e033784e91b5dd073f86f66f45b6ac7b264ee371eb
- SSDEEP
  
  6144:vBYgv5GKhNNGGjHDApfM+igbMAEuX7mEhoDv+tlTPD7:vBRvkKhNNP0pfM+igPLCDclT
Score

10^/10

gozi_ifsb 1000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb1000bankertrojan

behavioral2

gozi_ifsb1000bankertrojan