gozi_ifsb | 2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7 | Triage

Sharing

General

Target

2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7
Size

302KB
Sample

221026-3w5mjaaahp
MD5

fddf052c867459e52b86307ffdd2f0b8
SHA1

471c4e337c3f37d19ed21b1b3ca47caf7f5287fb
SHA256

2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7
SHA512

903d2debcccf78191cec690995e6fa635445d8bb7216b7b88b73755dd74ad295706e81ca3803da7be52cf917bf291cea9915459025b89b32343e63fbd9408f07
SSDEEP

6144:mMMYNXqBBtzd0e6OGxUf4lnWFJuDlw2bt6MY8E/0RMKYrsTL16Qj8iA:qntz28wlPlww6Mfk0R9R4Qj8P

Score

10^/10

gozi_ifsb banker trojan

Malware Config

Targets

- Target
  
  2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7
- Size
  
  302KB
- MD5
  
  fddf052c867459e52b86307ffdd2f0b8
- SHA1
  
  471c4e337c3f37d19ed21b1b3ca47caf7f5287fb
- SHA256
  
  2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7
- SHA512
  
  903d2debcccf78191cec690995e6fa635445d8bb7216b7b88b73755dd74ad295706e81ca3803da7be52cf917bf291cea9915459025b89b32343e63fbd9408f07
- SSDEEP
  
  6144:mMMYNXqBBtzd0e6OGxUf4lnWFJuDlw2bt6MY8E/0RMKYrsTL16Qj8iA:qntz28wlPlww6Mfk0R9R4Qj8P
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan