gozi_ifsb | e175aa6da0bb64b977ecda500ea5b80e4dacd1683317e31261f9583430b25346 | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

220923-h8t2cadea4
MD5

cdefa06087804de576a3139135ad472e
SHA1

032fb489392918aefac4eb0fadda94d596f84d3b
SHA256

e175aa6da0bb64b977ecda500ea5b80e4dacd1683317e31261f9583430b25346
SHA512

811fb187a86e728fab7480adc42c42f36b7bde35f07cb817b51d81d01ffcbf4254f127e6e0bfc282de4caaf70bd0cf775fd73f9a40b2e8276c7045dedc1db831
SSDEEP

768:DibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAH:07HdgfncFig5sfCQyXz1OTfM7AYHuA

Score

10^/10

gozi_ifsb 1900

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1900

C2

tel.msn.com

194.76.225.60

185.212.47.133

Attributes

base_path
/doorway/
build
250235
exe_type
loader
extension
.drr
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  cdefa06087804de576a3139135ad472e
- SHA1
  
  032fb489392918aefac4eb0fadda94d596f84d3b
- SHA256
  
  e175aa6da0bb64b977ecda500ea5b80e4dacd1683317e31261f9583430b25346
- SHA512
  
  811fb187a86e728fab7480adc42c42f36b7bde35f07cb817b51d81d01ffcbf4254f127e6e0bfc282de4caaf70bd0cf775fd73f9a40b2e8276c7045dedc1db831
- SSDEEP
  
  768:DibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAH:07HdgfncFig5sfCQyXz1OTfM7AYHuA
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2