Resubmissions

13/02/2022, 02:27

220213-cxh7tafbbn 10

General

  • Target

    sample-1744380-7098317fa62001df2fbfb2ad4b2f153a.zip

  • Size

    147KB

  • Sample

    220213-cxh7tafbbn

  • MD5

    68df9c114c7557ffc3fd6f1e5b6c0c08

  • SHA1

    91e97f071c819c5e88ffba1140eb34383aef9af0

  • SHA256

    dd1a908e2161b6e2205d42afad726cacefe2cfb2fb0243fb66c8b496f5abf131

  • SHA512

    7812a42abdaf905d7a70f477c432dc693d9252df39d3778ebd057b0ca3a180b9449087b242638f3f4c8620799a739c2c642166028bf20fccc513f8428961c6b9

Malware Config

Extracted

Family

gozi_ifsb

Botnet

9094

C2

google.mail.com

firsone1.online

kdsjdsadas.online

Attributes

  • base_path

    /jkloll/

  • build

    250211

  • dga_season

    10

  • exe_type

    loader

  • extension

    .mki

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      V55ogLg2fi.dll

    • Size

      291KB

    • MD5

      7098317fa62001df2fbfb2ad4b2f153a

    • SHA1

      b9f0f53a1770ef080151407f1c2df845eae380fc

    • SHA256

      53884f3120767d42dabef87b63e0d6b9cbb3be425f842c458d95d2b017dbe5c0

    • SHA512

      8b53f9fdbd27a12a5a4cfc64c52c1163f1656b5af7ef0beaca0b485573383ed9b1d615f36b635659108d01f8f5f3207fcc10485d449e98e5f37cb550c0643ebd

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks