gozi_ifsb | 9302114a292d350c4b14f27d8b5b3c89f42c922b6ae99fa62ef6006092e1937d | Triage

Sharing

General

Target

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked
Size

252KB
Sample

221026-3wytzsaag6
MD5

d99789bc4f6d3ffa201d6ea46a20966a
SHA1

05ab1c70cd0ff6adcf7a2f6198aa546a2e2d1a2f
SHA256

9302114a292d350c4b14f27d8b5b3c89f42c922b6ae99fa62ef6006092e1937d
SHA512

bee09209a2c9a723d14a96999ef8d481b28117c7f64fad627abb3ff710678ba1d0f2c89d2d47958b95512570d85c0efbbef5e8240a5218f37150c1650926dace
SSDEEP

6144:5CIBILZgwtxqlal2qG1C5mIaISMFZim9PS8dggzLh7Kg0vn8tT:iLZgwtxqgl2dfISMFn9J7h7qvy

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked
- Size
  
  252KB
- MD5
  
  d99789bc4f6d3ffa201d6ea46a20966a
- SHA1
  
  05ab1c70cd0ff6adcf7a2f6198aa546a2e2d1a2f
- SHA256
  
  9302114a292d350c4b14f27d8b5b3c89f42c922b6ae99fa62ef6006092e1937d
- SHA512
  
  bee09209a2c9a723d14a96999ef8d481b28117c7f64fad627abb3ff710678ba1d0f2c89d2d47958b95512570d85c0efbbef5e8240a5218f37150c1650926dace
- SSDEEP
  
  6144:5CIBILZgwtxqlal2qG1C5mIaISMFZim9PS8dggzLh7Kg0vn8tT:iLZgwtxqgl2dfISMFn9J7h7qvy
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan