gozi_ifsb | dc641a85150af5ede0e9a4ab23144a578889bbee7163addf9e97b5fab7d09fc8

General

Target

c150000.dll.exe
Size

228KB
Sample

220922-mesnmseheq
MD5

5f9e95dd1bac0978260e4ffc091b0fcf
SHA1

6c3a2a5879b021cfa9a788a6ce1f997f86e9d297
SHA256

dc641a85150af5ede0e9a4ab23144a578889bbee7163addf9e97b5fab7d09fc8
SHA512

e3c0b5c0cae5cbc64afd728db2b5f89ea4b2611c6d2ecde9f094efb9429657d83fa235cc0b2664b94da0872e5e833dc267c50dd6fbe4b54905357c24dced3eb5
SSDEEP

3072:3lfGqwJTeTEom3lIkR2SCD6q9KgyItk78mV0dfgxT/cqA9w5VgCK5hcjRlxJFoc:3lDosEPR66q9KgylInd6oqA9D5InFoc

Score

10^/10

gozi_ifsb 2000

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2000

C2

trackingg2-protectioon.cdn4.mozilla.net

109.230.199.185

trackingg3-protectioon.cdn5.mozilla.net

185.212.44.249

trackingg4-protectioon.cdn5.mozilla.net

194.76.225.37

trackingg5-protectioon.cdn1.mozilla.net

194.76.224.181

trackingg-protectioon.cdn1.mozilla.net

194.76.225.164

trackingg3-protectioon.cdn6.mozilla.net

185.158.251.205

trackingg-protectioon.cdn2.mozilla.net

185.189.149.216

trackingg5-protectioon.cdn3.mozilla.net

185.158.249.54

trackingg-protectioon.cdn4.mozilla.net

185.212.44.130

trackingg1-protectioon.cdn5.mozilla.net

37.10.71.83

Attributes

base_path
/fonts/
exe_type
worker
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  c150000.dll.exe
- Size
  
  228KB
- MD5
  
  5f9e95dd1bac0978260e4ffc091b0fcf
- SHA1
  
  6c3a2a5879b021cfa9a788a6ce1f997f86e9d297
- SHA256
  
  dc641a85150af5ede0e9a4ab23144a578889bbee7163addf9e97b5fab7d09fc8
- SHA512
  
  e3c0b5c0cae5cbc64afd728db2b5f89ea4b2611c6d2ecde9f094efb9429657d83fa235cc0b2664b94da0872e5e833dc267c50dd6fbe4b54905357c24dced3eb5
- SSDEEP
  
  3072:3lfGqwJTeTEom3lIkR2SCD6q9KgyItk78mV0dfgxT/cqA9w5VgCK5hcjRlxJFoc:3lDosEPR66q9KgylInd6oqA9D5InFoc
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2