gozi_ifsb | 821f1b68c207b41e21b519610931ce46719307d99e3e8aeb397ac720d870b476 | Triage

Sharing

General

Target

821f1b68c207b41e21b519610931ce46719307d99e3e8aeb397ac720d870b476
Size

60KB
Sample

210511-eskrk9fyn2
MD5

c4c0b19091c6edd5fd46867caf99026d
SHA1

5b1dbdbab64ebcb665e91d442a847cc3a9552a38
SHA256

821f1b68c207b41e21b519610931ce46719307d99e3e8aeb397ac720d870b476
SHA512

3d017883a412f3e813b3c83d1acc326c6bb598b7b87604368ad3e651909a1de4391b458021e342c630802774cce93907d61bedd9f092d0dea8b212fdb1371e41

Score

10^/10

gozi_ifsb 8877

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

gmail.com

worunekulo.club

horunekulo.website

Attributes

build
250196
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  821f1b68c207b41e21b519610931ce46719307d99e3e8aeb397ac720d870b476
- Size
  
  60KB
- MD5
  
  c4c0b19091c6edd5fd46867caf99026d
- SHA1
  
  5b1dbdbab64ebcb665e91d442a847cc3a9552a38
- SHA256
  
  821f1b68c207b41e21b519610931ce46719307d99e3e8aeb397ac720d870b476
- SHA512
  
  3d017883a412f3e813b3c83d1acc326c6bb598b7b87604368ad3e651909a1de4391b458021e342c630802774cce93907d61bedd9f092d0dea8b212fdb1371e41
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2