gozi_ifsb | 468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4 | Triage

Sharing

General

Target

468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4.bin
Size

64KB
Sample

211026-rpm85ahff7
MD5

7ad09f40cb98c1c7b29e5f5c89a3b1db
SHA1

f4ae99cbd6505a8b23dc187b3cdd062465c62829
SHA256

468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4
SHA512

fac37e833d8f9b263bef3ce691b4f45aa858ce93290a9edc533aaeefc8f305b94debe910400ec53e4cc4f31b471787c4ea71882e65507013d4ad7f5457f49c8c

Score

10^/10

gozi_ifsb 8899

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

msn.com/mail

realitystorys.com

outlook.com/signup

gderrrpololo.net

Attributes

build
260212
dga_season
10
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4.bin
- Size
  
  64KB
- MD5
  
  7ad09f40cb98c1c7b29e5f5c89a3b1db
- SHA1
  
  f4ae99cbd6505a8b23dc187b3cdd062465c62829
- SHA256
  
  468886d7a6dc0c36285f2b0fa5dd42070143695494a0f9b77c8e38e0c0867fb4
- SHA512
  
  fac37e833d8f9b263bef3ce691b4f45aa858ce93290a9edc533aaeefc8f305b94debe910400ec53e4cc4f31b471787c4ea71882e65507013d4ad7f5457f49c8c
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2