gozi_ifsb | b72d412ba4cebb19928816d686b9ef214cbe4e843a4f0760ea1364260595ada8 | Triage

Sharing

General

Target

3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked
Size

151KB
Sample

221027-aeeessabdl
MD5

215deda6c849d1c2da60253d35ee9e09
SHA1

4136b0341013085b16aa6c5568506b14fa88f40e
SHA256

b72d412ba4cebb19928816d686b9ef214cbe4e843a4f0760ea1364260595ada8
SHA512

9056727a55a98f486f2d9d7815ed5bc2d45d15d5fa0057913b5ce2b35a1dcff74f01f7bf7ee516f460ab98ebc061f20f4b66aaf8bde12c0a675523337a3b0fef
SSDEEP

3072:DsajR3l2w1I4c2CtZIwGC2qlalXnuQRAja1dLouddR6d702+ENQzLDgsf5WS:DVR1/gD94qlal+jE8uddkd70B9f/

Score

10^/10

gozi_ifsb 3000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

romaya.ru

matashka.ru

matashka399.ru

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked
- Size
  
  151KB
- MD5
  
  215deda6c849d1c2da60253d35ee9e09
- SHA1
  
  4136b0341013085b16aa6c5568506b14fa88f40e
- SHA256
  
  b72d412ba4cebb19928816d686b9ef214cbe4e843a4f0760ea1364260595ada8
- SHA512
  
  9056727a55a98f486f2d9d7815ed5bc2d45d15d5fa0057913b5ce2b35a1dcff74f01f7bf7ee516f460ab98ebc061f20f4b66aaf8bde12c0a675523337a3b0fef
- SSDEEP
  
  3072:DsajR3l2w1I4c2CtZIwGC2qlalXnuQRAja1dLouddR6d702+ENQzLDgsf5WS:DVR1/gD94qlal+jE8uddkd70B9f/
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan