General

  • Target

    0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9

  • Size

    119KB

  • Sample

    221026-3w2kwaaah5

  • MD5

    01bb1ed3dc487fbd3de3587f887cac75

  • SHA1

    560d9fa7931356a2ddfc7b226a6d3ebdb842473a

  • SHA256

    0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9

  • SHA512

    8da4994df14934ea5ec837ff6cf640dee51f5431604648bee5b1297cb7f4a0fd14deaf2350d14d51f15efbafe82301b0fa344d24f9a2f4a2c94acd9fe8539320

  • SSDEEP

    3072:3Uzhx2Mnwol3C/6/MKPf75hIGAUmUmU3Y:EDfw83C4NomBB

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1091

C2

pop.project-ip.co.uk

Attributes

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
rsa_pubkey.plain

Targets

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks