gozi_ifsb | 4febb4c594048b1ec2c8cf59711bf727d89bbfdc41e63c80adb12a2ab8aece76 | Triage

Sharing

General

Target

0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_x64
Size

165KB
Sample

221026-3w2kwaaagq
MD5

aa81719e70b312681c258cd18540b974
SHA1

5547e6f23a9a848b434c5a0b5e0bf1d81fd94a6b
SHA256

4febb4c594048b1ec2c8cf59711bf727d89bbfdc41e63c80adb12a2ab8aece76
SHA512

97e39be324a1331200890c3255397229481d49243cdf9bed2deab9fabd5d82fbeac932abbdd63cb21d99f85d1622173557a5605f65524952a1edd63237522112
SSDEEP

3072:JAZD+WSebbdnFcftVL9t1H60KQAuNQ5AN1ozJBV/xMLiCL:JKxSe4ftVL9DDKQcqN1ozNod

Score

10^/10

gozi_ifsb 1001 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

C2

prophosthdor.su/geo_src/outer/mapst

xhroompjsapi.com/geo_src/outer/mapst

paratrenkot.su/geo_src/outer/mapst

Attributes

exe_type
worker
server_id
44

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_x64
- Size
  
  165KB
- MD5
  
  aa81719e70b312681c258cd18540b974
- SHA1
  
  5547e6f23a9a848b434c5a0b5e0bf1d81fd94a6b
- SHA256
  
  4febb4c594048b1ec2c8cf59711bf727d89bbfdc41e63c80adb12a2ab8aece76
- SHA512
  
  97e39be324a1331200890c3255397229481d49243cdf9bed2deab9fabd5d82fbeac932abbdd63cb21d99f85d1622173557a5605f65524952a1edd63237522112
- SSDEEP
  
  3072:JAZD+WSebbdnFcftVL9t1H60KQAuNQ5AN1ozJBV/xMLiCL:JKxSe4ftVL9DDKQcqN1ozNod
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan