gozi_ifsb | ea33608b909525aa0273e2afa350f081af19426bebb37ce30bea91e2f6374a44 | Triage

Sharing

General

Target

3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked_x64
Size

136KB
Sample

221027-aed42aabd3
MD5

8de57105a5e61088a78b9cb96f8ca0d4
SHA1

e6215f1c006f79f7dc519fc96d4e1b35d970d486
SHA256

ea33608b909525aa0273e2afa350f081af19426bebb37ce30bea91e2f6374a44
SHA512

acaea8833ef1a3f297423fc8cc24e140f12857daf2898b42678589036b928a3f49077875a465660f499d0ec0b90291e6dd42144d3e281adf67f50ec64b4dc315
SSDEEP

3072:dqyk+pnRBTZ5hUC6lVUtWsMcig8OtQ5Amyosb/K3x9:dXnbTNalutccig8Dqmyosm

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

C2

tandlawsnative.su/ne_utils/front/xxx

leendeilco-1000.su/ne_utils/front/xxx

princlegislative.su/ne_utils/front/xxx

Attributes

exe_type
worker

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked_x64
- Size
  
  136KB
- MD5
  
  8de57105a5e61088a78b9cb96f8ca0d4
- SHA1
  
  e6215f1c006f79f7dc519fc96d4e1b35d970d486
- SHA256
  
  ea33608b909525aa0273e2afa350f081af19426bebb37ce30bea91e2f6374a44
- SHA512
  
  acaea8833ef1a3f297423fc8cc24e140f12857daf2898b42678589036b928a3f49077875a465660f499d0ec0b90291e6dd42144d3e281adf67f50ec64b4dc315
- SSDEEP
  
  3072:dqyk+pnRBTZ5hUC6lVUtWsMcig8OtQ5Amyosb/K3x9:dXnbTNalutccig8Dqmyosm
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan