gozi_ifsb | 172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297 | Triage

Submit
Reports

Overview

overview

Static

static

172f359baa...97.exe

windows7-x64

172f359baa...97.exe

windows10-2004-x64

1

Sharing

General

Target

172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297
Size

560KB
Sample

221026-3w5brsaba3
MD5

809d3b9cdbc7ba8847cc4ef8d8de512d
SHA1

f29d4849a3053efff95c160519ce47cf381f8c03
SHA256

172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297
SHA512

2edc4504bbb2be500b951cef808f9d7c9cb6bdf1cfd5009c01a1bf7ebb2e0b0d2476f6f006ee51e18dc266ab742e52d66946b8a768d26c25ffea8c84fc699354
SSDEEP

12288:FPLRBqplpgxVReAcFcniKUPHwxV3GKydCD:IpYxTeAe5+JEdCD

Score

10^/10

gozi_ifsb banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297.exe

Resource

win7-20220812-en

gozi_ifsb banker trojan

windows7-x64

5 signatures

600 seconds

Behavioral task

behavioral2

Sample

172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

3 signatures

600 seconds

Malware Config

Targets

- Target
  
  172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297
- Size
  
  560KB
- MD5
  
  809d3b9cdbc7ba8847cc4ef8d8de512d
- SHA1
  
  f29d4849a3053efff95c160519ce47cf381f8c03
- SHA256
  
  172f359baa478d80a9a8eccde0393e3fb8a58f0444a1b71d99d87c6a50855297
- SHA512
  
  2edc4504bbb2be500b951cef808f9d7c9cb6bdf1cfd5009c01a1bf7ebb2e0b0d2476f6f006ee51e18dc266ab742e52d66946b8a768d26c25ffea8c84fc699354
- SSDEEP
  
  12288:FPLRBqplpgxVReAcFcniKUPHwxV3GKydCD:IpYxTeAe5+JEdCD
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

© 2018-2024

Terms | Privacy