General

  • Target

    66f6700ff69f31d61debe07c146154a8334675653e3b9295453c2b76ad38a2a5

  • Size

    1.2MB

  • Sample

    220315-tyx6ssbfgn

  • MD5

    967ffcde1de2ab54b71b91da4a34da92

  • SHA1

    e328c979a3fbe1ae0db9945bd7abca072f86e870

  • SHA256

    66f6700ff69f31d61debe07c146154a8334675653e3b9295453c2b76ad38a2a5

  • SHA512

    51412091589a0eee6d003f6d37599dc9ef172ba9770bc18bf2ad4361a269d14529e271a4bf1e83f2d48f95183a95de1852eb0b24dfe0fc8a14434d6be057d07e

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4343

C2

firestore.googleapis.com

santaliny.org

Attributes

  • build

    250162

  • dga_season

    10

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

MITRE ATT&CK Enterprise v6

Tasks