gozi_ifsb | f17c218281891da09fc54ff6cff10e8434a6710b3c0de540cd9ffd0c593792b3 | Triage

Sharing

General

Target

249ba989225747cf269f49e6c14b516031b5071bdbcb5b07843af6f920b2e1ab_unpacked_x64
Size

177KB
Sample

221027-abx3qsabb6
MD5

b4d2cdc7fffc68ca3ec95c30b96e3d18
SHA1

b4db6203fbecf2ef38372e0f9bbc3fe960e1f07a
SHA256

f17c218281891da09fc54ff6cff10e8434a6710b3c0de540cd9ffd0c593792b3
SHA512

349ee2feb39dddbe55ec33dd52a8b1988a2579cbcc40d89c1e6d330f46e2484561c41221b5c5f533581123044a4dfe89b78ac19d54c37241920965bcf721b4e7
SSDEEP

3072:isTmBr1+87Wxn+ppJL49PdrtPAle/9o+qZZHIxlYDkImLPq:81Vu+4dr9R/9o+q8l1q

Score

10^/10

gozi_ifsb 1071 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1071

C2

127.0.0.1

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  249ba989225747cf269f49e6c14b516031b5071bdbcb5b07843af6f920b2e1ab_unpacked_x64
- Size
  
  177KB
- MD5
  
  b4d2cdc7fffc68ca3ec95c30b96e3d18
- SHA1
  
  b4db6203fbecf2ef38372e0f9bbc3fe960e1f07a
- SHA256
  
  f17c218281891da09fc54ff6cff10e8434a6710b3c0de540cd9ffd0c593792b3
- SHA512
  
  349ee2feb39dddbe55ec33dd52a8b1988a2579cbcc40d89c1e6d330f46e2484561c41221b5c5f533581123044a4dfe89b78ac19d54c37241920965bcf721b4e7
- SSDEEP
  
  3072:isTmBr1+87Wxn+ppJL49PdrtPAle/9o+qZZHIxlYDkImLPq:81Vu+4dr9R/9o+q8l1q
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan