gozi_ifsb | d1b4045990964610141800df6c538a05d00aadb8b28390d91de28aa5b8ac90af | Triage

Sharing

General

Target

3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked
Size

108KB
Sample

221027-aeds9sabd2
MD5

3dfa4f44613b1ad60b9d592a3efd7289
SHA1

761848e7a9b9ba4f02c8cd45076e4f269a674e70
SHA256

d1b4045990964610141800df6c538a05d00aadb8b28390d91de28aa5b8ac90af
SHA512

983f1165ca7d36f860cbb111ad846618ff6039da24d2180434b2e1f89be80937e93e967f64922fbeebdfa790b8532c21a8880fbb37ffcea646ff8f72042f3de6
SSDEEP

3072:3l6Rrc/z9Lh39PvrYnD2qlaleOMEKlKg5fUny:cxcb9Lh5sCqlalevSg3

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

C2

tandlawsnative.su/ne_utils/front/xxx

leendeilco-1000.su/ne_utils/front/xxx

princlegislative.su/ne_utils/front/xxx

Attributes

exe_type
worker

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked
- Size
  
  108KB
- MD5
  
  3dfa4f44613b1ad60b9d592a3efd7289
- SHA1
  
  761848e7a9b9ba4f02c8cd45076e4f269a674e70
- SHA256
  
  d1b4045990964610141800df6c538a05d00aadb8b28390d91de28aa5b8ac90af
- SHA512
  
  983f1165ca7d36f860cbb111ad846618ff6039da24d2180434b2e1f89be80937e93e967f64922fbeebdfa790b8532c21a8880fbb37ffcea646ff8f72042f3de6
- SSDEEP
  
  3072:3l6Rrc/z9Lh39PvrYnD2qlaleOMEKlKg5fUny:cxcb9Lh5sCqlalevSg3
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan