Overview

overview

10

Static

static

10

a3412d5e43...0e.dll

windows7_x64

1

a3412d5e43...0e.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e

  • Size

    52KB

  • Sample

    220201-lkgynacha3

  • MD5

    ff93684e156bb2a37e9615f9df7311d9

  • SHA1

    67d862a7b7f4e3cd411dd9becb1d64190d6c5c48

  • SHA256

    a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e

  • SHA512

    92b9af32f167fd9fc214a07a7b541c405c8fb0bbe771c485ce45a87b45c6c3c24be401878fe77821ed3afca6ff10c956e9ed36f04342054cd1098aef11485569

Score
10/10
gozi_ifsb1500persistence

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

authd.feronok.com

app.bighomegl.at
Attributes
  • build

    250204

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Target

      a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e

    • Size

      52KB

    • MD5

      ff93684e156bb2a37e9615f9df7311d9

    • SHA1

      67d862a7b7f4e3cd411dd9becb1d64190d6c5c48

    • SHA256

      a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e

    • SHA512

      92b9af32f167fd9fc214a07a7b541c405c8fb0bbe771c485ce45a87b45c6c3c24be401878fe77821ed3afca6ff10c956e9ed36f04342054cd1098aef11485569

    Score
    8/10
    persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks