General

  • Target

    292b2a9b168a978a1f9a1ba12606c9ce48f3a54806ce49093c33eb797d2bf5f5

  • Size

    243KB

  • Sample

    220615-smy4aacfdn

  • MD5

    6f3d74a03549d03a72721df822621451

  • SHA1

    abc049128a11974fe1d9305b4fc8f25ff330bf38

  • SHA256

    292b2a9b168a978a1f9a1ba12606c9ce48f3a54806ce49093c33eb797d2bf5f5

  • SHA512

    1bed4e0edea9a2ce3a27921f9f8353e8a3ecd7c38b0141539d09d283259d757387ff955f2253a294aaafa04d20b281a5acc9a532f03a2fe19295093a857261f3

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214098

Extracted

Family

gozi_ifsb

Botnet

3515

C2

google.com

gmail.com

v61nkkybd.com

dee12yadira43.com

ffhyyo51y.com

Attributes
  • build

    214098

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      292b2a9b168a978a1f9a1ba12606c9ce48f3a54806ce49093c33eb797d2bf5f5

    • Size

      243KB

    • MD5

      6f3d74a03549d03a72721df822621451

    • SHA1

      abc049128a11974fe1d9305b4fc8f25ff330bf38

    • SHA256

      292b2a9b168a978a1f9a1ba12606c9ce48f3a54806ce49093c33eb797d2bf5f5

    • SHA512

      1bed4e0edea9a2ce3a27921f9f8353e8a3ecd7c38b0141539d09d283259d757387ff955f2253a294aaafa04d20b281a5acc9a532f03a2fe19295093a857261f3

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

MITRE ATT&CK Enterprise v6

Tasks