gozi_ifsb | ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050 | Triage

Sharing

General

Target

tmp/ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe
Size

52KB
Sample

211213-hngkhsdcb6
MD5

0fd58bc7bddb0339f8ac4f200aa26652
SHA1

7335f8bc97329b67f00f05aefbac15fed2a1511b
SHA256

ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050
SHA512

9bdc7ccbdc77f39beb397c11184124f277308dd5a8a31df4156547c99cc86626c75db6b37dc45faa75951c25ef2e9af4b84497d8c0fcce9c634d87d282e9172b

Score

10^/10

gozi_ifsb 4500

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  tmp/ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050.exe
- Size
  
  52KB
- MD5
  
  0fd58bc7bddb0339f8ac4f200aa26652
- SHA1
  
  7335f8bc97329b67f00f05aefbac15fed2a1511b
- SHA256
  
  ddf9db5e2eb896bdba343cc26a8b82b18d8b5540f24ab1aed3495f4db4152050
- SHA512
  
  9bdc7ccbdc77f39beb397c11184124f277308dd5a8a31df4156547c99cc86626c75db6b37dc45faa75951c25ef2e9af4b84497d8c0fcce9c634d87d282e9172b
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2