gozi_ifsb | 908a2b2d385a32d541c795b3fd4b4675502632935fc5b772bb0323798b4a47ad | Triage

Sharing

General

Target

2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_x64
Size

345KB
Sample

221027-ab1hvsabc2
MD5

63223be31de5e0ea133b2aaf8cd63e9c
SHA1

28aa25ef0ca227656504d074b4107989a3847780
SHA256

908a2b2d385a32d541c795b3fd4b4675502632935fc5b772bb0323798b4a47ad
SHA512

0acd678c11462a397fe7176674229e6ca97481fd767be63e6c5ae5161f5e186dd3ab6fffc8bb6e0510098fc21fe22f0fe745d7207141a15a2644eb6396dfd564
SSDEEP

6144:aImDEdF/rxGtCM0KfJyO9C3GMHxpbdP5Q9RPoqTiB+6k6X7O:aImYdF/rItCMV9C9hARPoqTiB+

Score

10^/10

gozi_ifsb 10008 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10008

C2

jscallowallowallowjcli.me

disallowjscuserallow.pw

Attributes

build
215801
dga_base_url
z1.zedo.com/robots.txt
dga_crc
0x246640bb
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_x64
- Size
  
  345KB
- MD5
  
  63223be31de5e0ea133b2aaf8cd63e9c
- SHA1
  
  28aa25ef0ca227656504d074b4107989a3847780
- SHA256
  
  908a2b2d385a32d541c795b3fd4b4675502632935fc5b772bb0323798b4a47ad
- SHA512
  
  0acd678c11462a397fe7176674229e6ca97481fd767be63e6c5ae5161f5e186dd3ab6fffc8bb6e0510098fc21fe22f0fe745d7207141a15a2644eb6396dfd564
- SSDEEP
  
  6144:aImDEdF/rxGtCM0KfJyO9C3GMHxpbdP5Q9RPoqTiB+6k6X7O:aImYdF/rItCMV9C9hARPoqTiB+
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan