gozi_ifsb | b5c292b6a64336e0ceecafa13687b0e26f287a38b2ff8c67d450fe70a49270c9 | Triage

Sharing

General

Target

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked_x64
Size

327KB
Sample

221026-3wzfhsaagm
MD5

7b454c49a9bdc6795a3abab900cff981
SHA1

fc44fafb8f04311a6bab95c6d4336683621725ff
SHA256

b5c292b6a64336e0ceecafa13687b0e26f287a38b2ff8c67d450fe70a49270c9
SHA512

b1ac662115809a735a0543c65eed24fa9f4d9d52095b4a3ef5538b0a56f9a92911b9992a67386926bf12732d92228f3e4faa1b26149e2e38ed981182bedd90d3
SSDEEP

6144:gTIdP2DZGIA3nDMnVzbhT8GHoU95jsvC39+pyory5hhA:gseZwTMnJ1Ho7C39+pyorcA

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked_x64
- Size
  
  327KB
- MD5
  
  7b454c49a9bdc6795a3abab900cff981
- SHA1
  
  fc44fafb8f04311a6bab95c6d4336683621725ff
- SHA256
  
  b5c292b6a64336e0ceecafa13687b0e26f287a38b2ff8c67d450fe70a49270c9
- SHA512
  
  b1ac662115809a735a0543c65eed24fa9f4d9d52095b4a3ef5538b0a56f9a92911b9992a67386926bf12732d92228f3e4faa1b26149e2e38ed981182bedd90d3
- SSDEEP
  
  6144:gTIdP2DZGIA3nDMnVzbhT8GHoU95jsvC39+pyory5hhA:gseZwTMnJ1Ho7C39+pyorcA
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan