gozi_ifsb | 2d9b9de594b0e492d22258446ddf99e3962cfd5024345702aa3070a5d77e4c60 | Triage

Sharing

General

Target

42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_x64
Size

213KB
Sample

221027-aegj6aabd8
MD5

513789aa7df7e5e4946db3abebae67d9
SHA1

e3c5dafdd760ce784db60f4246f6fa03f6d658d2
SHA256

2d9b9de594b0e492d22258446ddf99e3962cfd5024345702aa3070a5d77e4c60
SHA512

f471bbe3e0d7a33f28e868c563ccb526713a514c7b8afbc38817c8a7b5bda16cb7ea2303cbbf5eb72902c64ff3344eae632bc098185c99877102909f24866e95
SSDEEP

3072:HUaaULsZBelnhgJjGCL0pYQjI383dyUtq2sbtlroFeq+io3iIDPCiZpFip:HNaULUBelhgQCL0aVedyn5po8q+iSCp

Score

10^/10

gozi_ifsb 1001 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

Attributes

build
215840
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
exe_type
worker
server_id
93

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_x64
- Size
  
  213KB
- MD5
  
  513789aa7df7e5e4946db3abebae67d9
- SHA1
  
  e3c5dafdd760ce784db60f4246f6fa03f6d658d2
- SHA256
  
  2d9b9de594b0e492d22258446ddf99e3962cfd5024345702aa3070a5d77e4c60
- SHA512
  
  f471bbe3e0d7a33f28e868c563ccb526713a514c7b8afbc38817c8a7b5bda16cb7ea2303cbbf5eb72902c64ff3344eae632bc098185c99877102909f24866e95
- SSDEEP
  
  3072:HUaaULsZBelnhgJjGCL0pYQjI383dyUtq2sbtlroFeq+io3iIDPCiZpFip:HNaULUBelhgQCL0aVedyn5po8q+iSCp
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan