gozi_ifsb | 82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e | Triage

Sharing

General

Target

82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
Size

56KB
Sample

220201-ly8zasdah3
MD5

0ad9430dd3f572de8cd0ca5a8abc37c0
SHA1

fbb27806ed07da6acf8703494acc1da93aac08b9
SHA256

82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
SHA512

6c6fda252eb50a62c79c73b20daaa13ef77325980eef1971fa7d2b6e0c303eee59346f63908377f3d3d921a8a22682b11016d628d695bb148a7a05109ff4db62

Score

10^/10

gozi_ifsb 4500 persistence

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
- Size
  
  56KB
- MD5
  
  0ad9430dd3f572de8cd0ca5a8abc37c0
- SHA1
  
  fbb27806ed07da6acf8703494acc1da93aac08b9
- SHA256
  
  82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
- SHA512
  
  6c6fda252eb50a62c79c73b20daaa13ef77325980eef1971fa7d2b6e0c303eee59346f63908377f3d3d921a8a22682b11016d628d695bb148a7a05109ff4db62
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2