General

  • Target

    8bfc0d33681f4117e5cde9ae80cc506811689240f03b6efdcde175be9191fefb

  • Size

    265KB

  • Sample

    220319-s3rzxachgj

  • MD5

    29d1651ef8389ba50bf0d79fff4aad1c

  • SHA1

    128ba046f2adb250471383e54a5c110593933df5

  • SHA256

    8bfc0d33681f4117e5cde9ae80cc506811689240f03b6efdcde175be9191fefb

  • SHA512

    78c8969c4d213de79c439c735fdfe20f734a531e3f25ad853972d7eb6dbe5eabcb2b7ba154562f4f1f7cc1f86b169cadb570b282cdc9507e420fa18e62e435bf

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8005

C2

ssddl2.microsoft.com

siberiarrmaskkapsulrttezya.ru

sibedriamasterkkmoderatordstezya.ru

massidfberiatersksilkavayssstezya.ru

dolsggiberiaoserkmikluhasya.chimkent.su

dolsibegriaosersk4ermanderezya.chimkent.su

rdosdripakloserikabyatezya.chimkent.su

rusddripakoloserufinurtdrfezya.chimkent.su

ripakteenrufinishryeuliliezya.ru

rufiteemnisripakhglassdzya.ru

rufinisrufripakhmileronurzya.ru

rurugyrfripakinishtokokusstezya.ru

rufislomnishsripakerdfnstezya.adygeya.su

Attributes
  • build

    250161

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      8bfc0d33681f4117e5cde9ae80cc506811689240f03b6efdcde175be9191fefb

    • Size

      265KB

    • MD5

      29d1651ef8389ba50bf0d79fff4aad1c

    • SHA1

      128ba046f2adb250471383e54a5c110593933df5

    • SHA256

      8bfc0d33681f4117e5cde9ae80cc506811689240f03b6efdcde175be9191fefb

    • SHA512

      78c8969c4d213de79c439c735fdfe20f734a531e3f25ad853972d7eb6dbe5eabcb2b7ba154562f4f1f7cc1f86b169cadb570b282cdc9507e420fa18e62e435bf

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup Detected

      suricata: ET MALWARE Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup Detected

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

MITRE ATT&CK Enterprise v6

Tasks