18d613d02eaf8d339feebb21f578f329.dll

General

Target: 18d613d02eaf8d339feebb21f578f329.dll
Size: 511KB
Sample: 210504-2q7vap6cpn
Score: 10/10
MD5: 18d613d02eaf8d339feebb21f578f329
SHA1: 01ea39853139ccfe82f0bd19f8963d3ccebf8e8a
SHA256: bd43f7bc23a76b086a81b8e6fcd4355cac648d3f7d9a941d9aa259def534d5b1
SHA512: a432ca4267f56530945e2dd352e658d72b3fc84101b84dcd86bc0adcf42e218e394556d6b69cec92cb30a960ce83586e8c026e971f02fa5154d100a198f1e4ce

Malware Config

Extracted

Family: gozi_ifsb
Botnet: 8877
C2:
  • outlook.com/login
  • gmail.com
  • dorelunonu.us
  • morelunonu.us

Attributes
build: 250195
dga_season: 10
exe_type: loader
server_id: 12
rsa_pubkey.base64
serpent.plain

Targets

Signatures

  • Gozi, Gozi IFSB

    Description

    Gozi ISFB is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10