gozi_ifsb | 18c060619d879aea7d3626644a8a4448ad802f509c26f1ec02837db675c71dc3 | Triage

Sharing

General

Target

0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked
Size

130KB
Sample

221026-3w1zcaaah3
MD5

8116be1f07cc1f0de73734ab2818f2ce
SHA1

5caef3f91cee769ae0da9ac6bf8490ab2818c166
SHA256

18c060619d879aea7d3626644a8a4448ad802f509c26f1ec02837db675c71dc3
SHA512

4ef3e18f0da463756f68d2fbb816511a1ddca7e2272848484483bfebd1dc7de84b38fb0ce3d7e62b0054d9498ec018da84101ed0b38d0a9f45789d439d71cde0
SSDEEP

3072:3MJ5t4SXfWnqEQSy/f2qlaleOMG+tuvdBaUafK/msNXfq:cJrXfWnqd2qlalev5uvdBaUxN

Score

10^/10

gozi_ifsb 1001 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

C2

prophosthdor.su/geo_src/outer/mapst

xhroompjsapi.com/geo_src/outer/mapst

paratrenkot.su/geo_src/outer/mapst

Attributes

build
212504
exe_type
worker
server_id
44

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked
- Size
  
  130KB
- MD5
  
  8116be1f07cc1f0de73734ab2818f2ce
- SHA1
  
  5caef3f91cee769ae0da9ac6bf8490ab2818c166
- SHA256
  
  18c060619d879aea7d3626644a8a4448ad802f509c26f1ec02837db675c71dc3
- SHA512
  
  4ef3e18f0da463756f68d2fbb816511a1ddca7e2272848484483bfebd1dc7de84b38fb0ce3d7e62b0054d9498ec018da84101ed0b38d0a9f45789d439d71cde0
- SSDEEP
  
  3072:3MJ5t4SXfWnqEQSy/f2qlaleOMG+tuvdBaUafK/msNXfq:cJrXfWnqd2qlalev5uvdBaUxN
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan