Overview

overview

10

Static

static

out.dll

windows7_x64

10

out.dll

windows7_x64

10

out.dll

windows10_x64

10

out.dll

windows10_x64

10

Resubmissions

27-10-2021 11:33

211027-npbnjseeh6 10

04-02-2021 15:53

210204-ry8nav1e26 10

22-01-2021 18:03

210122-wbsmxw8v7s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    out.dll

  • Size

    95KB

  • Sample

    211027-npbnjseeh6

  • MD5

    2ff0ff62b5cf7e7097f75a37492f02f8

  • SHA1

    9d60d24299762f4aa7fa71838b58e4e747b95df6

  • SHA256

    09029ff1f317ccfdd92bfd8ae154328748e761231aabb51872e2b1204315f285

  • SHA512

    dc9a5422b9f49910db2ad66d4b4d010fb538e6c12e214c33b4b5ee3c5b96591d251b17d9ff99a7dea83b25b62e6ec521a7292471f42def6cb00b2fa139a9eea6

Score
10/10
gozi_ifsb1100bankerpersistencetrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1100

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1
Attributes
  • build

    250171

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    730

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      out.dll

    • Size

      95KB

    • MD5

      2ff0ff62b5cf7e7097f75a37492f02f8

    • SHA1

      9d60d24299762f4aa7fa71838b58e4e747b95df6

    • SHA256

      09029ff1f317ccfdd92bfd8ae154328748e761231aabb51872e2b1204315f285

    • SHA512

      dc9a5422b9f49910db2ad66d4b4d010fb538e6c12e214c33b4b5ee3c5b96591d251b17d9ff99a7dea83b25b62e6ec521a7292471f42def6cb00b2fa139a9eea6

    Score
    10/10
    gozi_ifsb1100bankertrojanpersistence

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

      bankertrojangozi_ifsb

    • Registers COM server for autorun

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks