gozi_ifsb | fe0aa96b79d91070b7109b351332d24946c34427e061f37429ebfb5aa34ae61e | Triage

Sharing

General

Target

ursnif2.51194a0.dll
Size

538KB
Sample

211005-sw191aaad7
MD5

126eddfaa1ec2f42fd38fdedd8f53be6
SHA1

17f260b625bfd8d57c3b1e0633de1f76715419a8
SHA256

fe0aa96b79d91070b7109b351332d24946c34427e061f37429ebfb5aa34ae61e
SHA512

5b7f6d01cd3757d2a1d5336c44ca6e833480f18825e4bd488a0b1206756085a2204712f8f7e3a54a95210aaff413b6234b3f41c63933665c16c9355c78c4c484

Score

10^/10

gozi_ifsb 8899

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/login

vloderuniok.website

gloderuniok.website

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  ursnif2.51194a0.dll
- Size
  
  538KB
- MD5
  
  126eddfaa1ec2f42fd38fdedd8f53be6
- SHA1
  
  17f260b625bfd8d57c3b1e0633de1f76715419a8
- SHA256
  
  fe0aa96b79d91070b7109b351332d24946c34427e061f37429ebfb5aa34ae61e
- SHA512
  
  5b7f6d01cd3757d2a1d5336c44ca6e833480f18825e4bd488a0b1206756085a2204712f8f7e3a54a95210aaff413b6234b3f41c63933665c16c9355c78c4c484
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2