gozi_ifsb | d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb | Triage

Sharing

General

Target

d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb
Size

42KB
Sample

220201-k4x9babhfn
MD5

e925c5008b817fab066c50aad00eadfb
SHA1

8b160a12a9709770bdea5a527bb7d1f209c26f1a
SHA256

d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb
SHA512

3123db29fbe8a9150aa84a46a9b6cbf7e2dc5e85339facbd5d666ce4cd58e2dea0abf1aff57bd3b3023a210405c17e322e1dfead79da1693e4aec618d6b8e732

Score

10^/10

gozi_ifsb 1500 persistence

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

apt.updateffboruse.com

app.updatebrouser.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb
- Size
  
  42KB
- MD5
  
  e925c5008b817fab066c50aad00eadfb
- SHA1
  
  8b160a12a9709770bdea5a527bb7d1f209c26f1a
- SHA256
  
  d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb
- SHA512
  
  3123db29fbe8a9150aa84a46a9b6cbf7e2dc5e85339facbd5d666ce4cd58e2dea0abf1aff57bd3b3023a210405c17e322e1dfead79da1693e4aec618d6b8e732
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2