gozi_ifsb | a08b6bd2b9d190017e68c7d032065e6fe0f169fd9400e5589ffe5de82fcf3646 | Triage

Sharing

General

Target

514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked
Size

247KB
Sample

221027-aeh3zsabem
MD5

42bec6ebbf72c0c13f7d0430fdec6a83
SHA1

fe52ac86deecae98d7f9c452360a19c909b301ea
SHA256

a08b6bd2b9d190017e68c7d032065e6fe0f169fd9400e5589ffe5de82fcf3646
SHA512

cfb61d4f2a9041d7f55e74fd0b4a0c0df1612aa059b06e9be54064cefac25615ac082b16979c50b86f7ab5b62be52400a37a5f83543a88e18764c86299582c52
SSDEEP

6144:INDg0fYEB+SMqV8qlalvaRFhlRaPBGlwCAkuKdgN940OiB:IhB+SfV8qgliBloGlEpf

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

C2

rastobona.com

artefaki.com

spamhouseanilingus.ru

gazitivaton.ru

Attributes

build
200000
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked
- Size
  
  247KB
- MD5
  
  42bec6ebbf72c0c13f7d0430fdec6a83
- SHA1
  
  fe52ac86deecae98d7f9c452360a19c909b301ea
- SHA256
  
  a08b6bd2b9d190017e68c7d032065e6fe0f169fd9400e5589ffe5de82fcf3646
- SHA512
  
  cfb61d4f2a9041d7f55e74fd0b4a0c0df1612aa059b06e9be54064cefac25615ac082b16979c50b86f7ab5b62be52400a37a5f83543a88e18764c86299582c52
- SSDEEP
  
  6144:INDg0fYEB+SMqV8qlalvaRFhlRaPBGlwCAkuKdgN940OiB:IhB+SfV8qgliBloGlEpf
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan