out.dll

General

Target: out.dll
Size: 95KB
Sample: 210204-ry8nav1e26
Score: 10/10
MD5: 2ff0ff62b5cf7e7097f75a37492f02f8
SHA1: 9d60d24299762f4aa7fa71838b58e4e747b95df6
SHA256: 09029ff1f317ccfdd92bfd8ae154328748e761231aabb51872e2b1204315f285
SHA512: dc9a5422b9f49910db2ad66d4b4d010fb538e6c12e214c33b4b5ee3c5b96591d251b17d9ff99a7dea83b25b62e6ec521a7292471f42def6cb00b2fa139a9eea6

Malware Config

Extracted

Family: gozi_ifsb
Botnet: 1100
C2:
  api10.laptok.at/api1
  golang.feel500.at/api1
  go.in100k.at/api1

Attributes
build: 250171
dga_base_url: constitution.org/usdeclar.txt
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
rsa_pubkey.base64
serpent.plain

Signatures

  • Gozi, Gozi ISFB

    Description

    Gozi ISFB is a well-known and widely distributed banking trojan.

Tasks

static1

behavioral1

10/10