yytr.png

General

Target: yytr.png
Size: 463KB
Sample: 210211-3ttsec2j32
Score: 10/10
MD5: ba2befa9c70c2b6d779c48a59cece3e5
SHA1: 4c855f80076e357d35c7d60cd52d2c49abefc5ff
SHA256: 9c51cbe4681facc34623aeca27a18dbaa6db1337990a0e003b7c9babeb06c1eb
SHA512: bdc4e33de9de4cf27d1df05e22163c6a3ef0d2406d80cb51db34139bf08cc3a923b079686fbc0a1b359ee46447eb0583c3343360d7e755179e9661c4a503047e

Malware Config

Extracted

Family: gozi_ifsb
Botnet: 3131
C2:
  c.s-microsoft.com
  firebaseremoteconfig.googleapis.com
  pronpepsipirpyamvioerd.com
  80.208.230.180

Attributes
  build: 250177
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  dns_servers: 107.174.86.134, 107.175.127.22
  exe_type: loader
  server_id: 12
  rsa_pubkey.base64
  serpent.plain
Targets

Target: yytr.png (463KB, score 10/10; hashes as listed under General above)

Signatures

  • Gozi, Gozi IFSB

    Description: Gozi ISFB is a well-known and widely distributed banking trojan.
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed on this page)

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10