gozi_ifsb | 231cabbbdbe83301dcb99968347e82973ced1ddd679c54cbb676768cd1ad4121 | Triage

Sharing

General

Target

514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_x64
Size

329KB
Sample

221027-aejphsabe3
MD5

bfcb099d6757db3d1d954e5cc75f5944
SHA1

7a2466e49ad583ff1acabe54a115d2b5309ac270
SHA256

231cabbbdbe83301dcb99968347e82973ced1ddd679c54cbb676768cd1ad4121
SHA512

fd824557a8632782f33a8ea6867d2b3bcc8443c4bd991e898f56a5b5e9ba68f45daac7228bec65558389e852b2b0744011623fae9cf18ebfb8dfdba02bbd7aab
SSDEEP

6144:QofgAud4CTOOtg6Tq2CjsCnEWc57hpDXroE1A24:Qodud4WOOy6UsCrM/DXroEP4

Score

10^/10

gozi_ifsb 1000 banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

C2

rastobona.com

artefaki.com

spamhouseanilingus.ru

gazitivaton.ru

Attributes

build
200000
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_x64
- Size
  
  329KB
- MD5
  
  bfcb099d6757db3d1d954e5cc75f5944
- SHA1
  
  7a2466e49ad583ff1acabe54a115d2b5309ac270
- SHA256
  
  231cabbbdbe83301dcb99968347e82973ced1ddd679c54cbb676768cd1ad4121
- SHA512
  
  fd824557a8632782f33a8ea6867d2b3bcc8443c4bd991e898f56a5b5e9ba68f45daac7228bec65558389e852b2b0744011623fae9cf18ebfb8dfdba02bbd7aab
- SSDEEP
  
  6144:QofgAud4CTOOtg6Tq2CjsCnEWc57hpDXroE1A24:Qodud4WOOy6UsCrM/DXroEP4
Score

10^/10

gozi_ifsb banker trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi_ifsbbankertrojan

behavioral2

gozi_ifsbbankertrojan