gozi_ifsb | c1f3695f532af5294430f9199526190ac221a8a6611a805c0944c63a4b5f08e6 | Triage

Sharing

General

Target

c1f3695f532af5294430f9199526190ac221a8a6611a805c0944c63a4b5f08e6
Size

53KB
Sample

220201-k98bgacaer
MD5

55f4294598061d5c4030878b50115ec2
SHA1

5dbe16f16666b846a234bec322a5c6f24ec1005a
SHA256

c1f3695f532af5294430f9199526190ac221a8a6611a805c0944c63a4b5f08e6
SHA512

9f4650e95d56f426467ef8de059aa9f6a5b4c977fcd93fbfd9078de93caf9b8ffe97289caeb2737d202b9bc2a02f066754db49faeb0147ca1fb4c0bb2ad3198a

Score

10^/10

gozi_ifsb 2200 persistence

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  c1f3695f532af5294430f9199526190ac221a8a6611a805c0944c63a4b5f08e6
- Size
  
  53KB
- MD5
  
  55f4294598061d5c4030878b50115ec2
- SHA1
  
  5dbe16f16666b846a234bec322a5c6f24ec1005a
- SHA256
  
  c1f3695f532af5294430f9199526190ac221a8a6611a805c0944c63a4b5f08e6
- SHA512
  
  9f4650e95d56f426467ef8de059aa9f6a5b4c977fcd93fbfd9078de93caf9b8ffe97289caeb2737d202b9bc2a02f066754db49faeb0147ca1fb4c0bb2ad3198a
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2