gozi_ifsb | 53f6f5d85edd89df6e9db5c0d7cc832c196b73f6d959a49dee39b30208b9c583 | Triage

Sharing

General

Target

ursnif0_04AA0000.dll
Size

119KB
Sample

211005-swsb4aaad5
MD5

547820194d4f48370ce3fa220e4a4bf3
SHA1

6effa38bd1dfcfe64b7fdbd6e305e508e8c9347c
SHA256

53f6f5d85edd89df6e9db5c0d7cc832c196b73f6d959a49dee39b30208b9c583
SHA512

52167014391ebaa136e99acf7b364dbd5f555bc6e23ea7bac278e4fa22d2538c3b3103e106f3303559cde0feb4a2f2dcebb6a41aa20a5b846da65bd9e2b90ea2

Score

10^/10

gozi_ifsb 8899

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/login

vloderuniok.website

gloderuniok.website

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  ursnif0_04AA0000.dll
- Size
  
  119KB
- MD5
  
  547820194d4f48370ce3fa220e4a4bf3
- SHA1
  
  6effa38bd1dfcfe64b7fdbd6e305e508e8c9347c
- SHA256
  
  53f6f5d85edd89df6e9db5c0d7cc832c196b73f6d959a49dee39b30208b9c583
- SHA512
  
  52167014391ebaa136e99acf7b364dbd5f555bc6e23ea7bac278e4fa22d2538c3b3103e106f3303559cde0feb4a2f2dcebb6a41aa20a5b846da65bd9e2b90ea2
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2