gozi_ifsb | 5bbef6674502e6b18ae2387547264de1c817cabf244fb7e5d67444e2e76a952a | Triage

Sharing

General

Target

5bbef6674502e6b18ae2387547264de1c817cabf244fb7e5d67444e2e76a952a
Size

209KB
Sample

220201-mcv1zscgcn
MD5

adc5821d5060d66a5b7a98fa4a78b99d
SHA1

5564bd9c7aa495d63f014e8a6d98d05f07814b63
SHA256

5bbef6674502e6b18ae2387547264de1c817cabf244fb7e5d67444e2e76a952a
SHA512

e53067833c762df9ce7d4a7761eb21efd9ca0afe92d3a06e829922c7398500f9dc0f56b8957f9a3703c11d823e0576e1583993b5956f1d61b50045447827d4a1

Score

10^/10

gozi_ifsb 10003 persistence

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10003

C2

127.0.0.1

Attributes

build
214711
dga_base_url
z1.zedo.com/robots.txt
dga_crc
0xf24ca29e
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  5bbef6674502e6b18ae2387547264de1c817cabf244fb7e5d67444e2e76a952a
- Size
  
  209KB
- MD5
  
  adc5821d5060d66a5b7a98fa4a78b99d
- SHA1
  
  5564bd9c7aa495d63f014e8a6d98d05f07814b63
- SHA256
  
  5bbef6674502e6b18ae2387547264de1c817cabf244fb7e5d67444e2e76a952a
- SHA512
  
  e53067833c762df9ce7d4a7761eb21efd9ca0afe92d3a06e829922c7398500f9dc0f56b8957f9a3703c11d823e0576e1583993b5956f1d61b50045447827d4a1
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2