gozi_ifsb | 15ff07302e7c183feb467ec8d12a9a701fcce95a78cf185f547ab82540f5d8e6 | Triage

Sharing

General

Target

42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked
Size

170KB
Sample

221027-aefymaabdp
MD5

263bf11e355fd2179b1b956f9cb1979a
SHA1

394f360469c0186bc52dc4ff7074ca0bd9e25182
SHA256

15ff07302e7c183feb467ec8d12a9a701fcce95a78cf185f547ab82540f5d8e6
SHA512

f26cc52c695b1170d9e69ab0012ebb3994ec35b748bbc96d6d1212b1ae7b215e05f2025097d2e3d8795e159cb0a93d75b7941260a355b65c6083d20267095d7e
SSDEEP

3072:UnPGdDrlrx85OR2qcqnG923Ek/lBzLWE2pqlalXni0X3LDNqdcR0/KTD:Unc1dvFnGe/lBzyqlalS0XFq7K

Score

10^/10

gozi_ifsb 1001 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

Attributes

dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
exe_type
worker
server_id
93

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked
- Size
  
  170KB
- MD5
  
  263bf11e355fd2179b1b956f9cb1979a
- SHA1
  
  394f360469c0186bc52dc4ff7074ca0bd9e25182
- SHA256
  
  15ff07302e7c183feb467ec8d12a9a701fcce95a78cf185f547ab82540f5d8e6
- SHA512
  
  f26cc52c695b1170d9e69ab0012ebb3994ec35b748bbc96d6d1212b1ae7b215e05f2025097d2e3d8795e159cb0a93d75b7941260a355b65c6083d20267095d7e
- SSDEEP
  
  3072:UnPGdDrlrx85OR2qcqnG923Ek/lBzLWE2pqlalXni0X3LDNqdcR0/KTD:Unc1dvFnGe/lBzyqlalS0XFq7K
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan