General

  • Target

    gozi.dll

  • Size

    400KB

  • Sample

    210528-ksjjc6agta

  • MD5

    0c73469f171a9ed0d5e29d929e4a3180

  • SHA1

    653e93c5583fa58037139e0fc61bcdd0e65974ad

  • SHA256

    f2147511fb2f25676365c0fa04756007d8311b9a730d618bf344e5946fd4395e

  • SHA512

    8ed1137bc3efae03200b8ac89540c78946343adb4e055de4a07c8d5076603d353a33a74c63df05e1bd42556650b20224b981a6262de9c5fa171c7c5ab481df17

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3300

  • C2

    api10.laptok.at/api1

Attributes

  • build

    250155

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    730

  • rsa_pubkey.base64

  • serpent.plain

Targets

    • Target

      peppercorn.swift

    • Size

      531KB

    • MD5

      f1e7c116fad465169694a6dd801bcc1b

    • SHA1

      8b6a98055791f71c8bbd5379374ba85190fdb942

    • SHA256

      7b41dc2e287a4c05053413b9b14c8af713b68d01f5f35ac4aebf4d208337e7bf

    • SHA512

      8d2e22eef14475d83fb86e93956d9410c7b4ee498efba6b3d8e456f7dabd3839d86b1e8972cc44f401600a69af8d0fe457827fd22fba950e7df24a996ae715d5

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry

    T1112

    1

Tasks