gozi_ifsb | b88ffcfd41d4acefa644335a9a72a8899c4a2f05f12b2d78bd792045441e5ae4 | Triage

Sharing

General

Target

ursnif.dll
Size

284KB
Sample

211026-my2qnahbh7
MD5

32ca92979650828c99c30f9303c873b2
SHA1

14155816258aa5bd1f9b7953267d1ca7a685d7af
SHA256

b88ffcfd41d4acefa644335a9a72a8899c4a2f05f12b2d78bd792045441e5ae4
SHA512

8410ef72170dc3fb1cac0c72bff99d8b297a2bd3f5d5c772ceafd9933e6933a60fd973e957300489109975621cfec24f60b83b781f0551091f3373272ff5a259

Score

10^/10

gozi_ifsb 8899

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

http://msn.com

http://microsoft.com

https://45.9.20.197

https://45.9.20.175

https://193.239.85.56

https://gpoolol.com

https://hrappunos.com

Attributes

dga_season
10
dns_servers
107.174.86.134
107.175.127.22
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  ursnif.dll
- Size
  
  284KB
- MD5
  
  32ca92979650828c99c30f9303c873b2
- SHA1
  
  14155816258aa5bd1f9b7953267d1ca7a685d7af
- SHA256
  
  b88ffcfd41d4acefa644335a9a72a8899c4a2f05f12b2d78bd792045441e5ae4
- SHA512
  
  8410ef72170dc3fb1cac0c72bff99d8b297a2bd3f5d5c772ceafd9933e6933a60fd973e957300489109975621cfec24f60b83b781f0551091f3373272ff5a259
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2