gozi_ifsb | 4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba | Triage

Sharing

General

Target

4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba.dll
Size

116KB
Sample

221020-pg6pdsdbgq
MD5

17ddc738604a040176b85c80173c5090
SHA1

75db1976ccc16912d4f1d4fc68b8c8975ad39ac4
SHA256

4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba
SHA512

1b9328608a3347822168d3a57d5b2cf7c52bb0f60aa76456409f33029cae22e89a5692d54b29e6c581b287a7376f066382eda3d6a2443389358f6bb40d19a483
SSDEEP

3072:q14Nm3YTyGi7bLYB0s7+Ec7V6bW2nnW6rifrQc1+lUmT:CvOwYB0v72n6rQA+b

Score

10^/10

gozi_ifsb 5000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

config.edge.skype.com

onlinetwork.top

linetwork.top

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba.dll
- Size
  
  116KB
- MD5
  
  17ddc738604a040176b85c80173c5090
- SHA1
  
  75db1976ccc16912d4f1d4fc68b8c8975ad39ac4
- SHA256
  
  4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba
- SHA512
  
  1b9328608a3347822168d3a57d5b2cf7c52bb0f60aa76456409f33029cae22e89a5692d54b29e6c581b287a7376f066382eda3d6a2443389358f6bb40d19a483
- SSDEEP
  
  3072:q14Nm3YTyGi7bLYB0s7+Ec7V6bW2nnW6rifrQc1+lUmT:CvOwYB0v72n6rQA+b
Score

10^/10

gozi_ifsb 5000 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb5000bankertrojan

behavioral2

gozi_ifsb5000bankertrojan