33.dll

General

Target: 33.dll
Size: 504KB
Sample: 210204-tkhxpx8dz2
Score: 10/10
MD5: e3544f6cbe6b26af70c091ad6575a40f
SHA1: e4b6104981b735e2f1620fc27bb45fff539ee8ce
SHA256: 5c428be510eee72712f41a9cd50292b5f45fcce039cca43c5f6238dab1d0021e
SHA512: 7f4144351e84f9b6a746a682f2be72f9784ff14dcb9be1251c143bb73864aadb1621c29ece7ce86a25086bad35dfe9378a86c4393e582fb82029c3711df608ef

Malware Config

Extracted

Family: gozi_ifsb
Botnet: 3300
C2:
  api10.laptok.at/api1
  golang.feel500.at/api1
  go.in100k.at/api1

Attributes

build: 250171
dga_base_url: constitution.org/usdeclar.txt
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
rsa_pubkey.base64
serpent.plain

Targets

Signatures

  • Gozi, Gozi IFSB

    Description: Gozi ISFB is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

behavioral1

10/10