gozi_ifsb | e807c46ba7cd53bf6900d1a8f32baba9a118410483faa68d51b233de738483e3 | Triage

Sharing

General

Target

d2ef5.exe
Size

37KB
Sample

221026-g7rn6aehc4
MD5

1d8a445bef0c0d4a7ec519f06c23224a
SHA1

7dd349b8664ec7dbe769da64e1b324ae091a29e2
SHA256

e807c46ba7cd53bf6900d1a8f32baba9a118410483faa68d51b233de738483e3
SHA512

67e0a57bfeb122e346d909680b4f99ed1138f42e9c8a74bba7d143de1f6413c94f45000c0c5fd1bc511db0c11bdf668dcc0b5721d0e5df3288d464ed439ac2cc
SSDEEP

768:tQLm41fM01vAeyRTwFiCRn7IYbo7gMaBMOF6c629pto:tL41fMSv7ASRnFLMaMOF6c6Y

Score

10^/10

gozi_ifsb 10103 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10103

C2

trackingg-protectioon.cdn1.mozilla.net

siwdmfkshsgw.com

188.127.224.114

weiqeqwns.com

weiqeqwens.com

weiqewqwns.com

iujdhsndjfks.com

ijduwhsbvk.com

Attributes

base_path
/uploaded/
build
250246
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d2ef5.exe
- Size
  
  37KB
- MD5
  
  1d8a445bef0c0d4a7ec519f06c23224a
- SHA1
  
  7dd349b8664ec7dbe769da64e1b324ae091a29e2
- SHA256
  
  e807c46ba7cd53bf6900d1a8f32baba9a118410483faa68d51b233de738483e3
- SHA512
  
  67e0a57bfeb122e346d909680b4f99ed1138f42e9c8a74bba7d143de1f6413c94f45000c0c5fd1bc511db0c11bdf668dcc0b5721d0e5df3288d464ed439ac2cc
- SSDEEP
  
  768:tQLm41fM01vAeyRTwFiCRn7IYbo7gMaBMOF6c629pto:tL41fMSv7ASRnFLMaMOF6c6Y
Score

10^/10

gozi_ifsb 10103 banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsb10103bankertrojan

behavioral2

gozi_ifsb10103bankertrojan