gozi_ifsb | 16219470147869c63d91020919dc29987927f6aab3e83620197a503c7c358596 | Triage

Sharing

General

Target

16219470147869c63d91020919dc29987927f6aab3e83620197a503c7c358596
Size

54KB
Sample

220201-myhyjsdfe7
MD5

f961a25f5e5479ccb979da19d2a4a949
SHA1

fe2b20e675a54bde4fece864b7eb1deb91dfd957
SHA256

16219470147869c63d91020919dc29987927f6aab3e83620197a503c7c358596
SHA512

a6ad40e2631c39f3287e52ca99ad33cc0baba887fb9f64356cf23f1c10a44c4be09d02bbb0db67970b1e199ffe5204df114809ea46257765227480368da93ec8

Score

10^/10

gozi_ifsb 8877 persistence

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com

auredosite.club

vuredosite.club

Attributes

base_path
/grower/
build
250206
dga_season
10
exe_type
loader
extension
.grow
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  16219470147869c63d91020919dc29987927f6aab3e83620197a503c7c358596
- Size
  
  54KB
- MD5
  
  f961a25f5e5479ccb979da19d2a4a949
- SHA1
  
  fe2b20e675a54bde4fece864b7eb1deb91dfd957
- SHA256
  
  16219470147869c63d91020919dc29987927f6aab3e83620197a503c7c358596
- SHA512
  
  a6ad40e2631c39f3287e52ca99ad33cc0baba887fb9f64356cf23f1c10a44c4be09d02bbb0db67970b1e199ffe5204df114809ea46257765227480368da93ec8
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2