gozi_ifsb | 2e6d7e51c90c4703b5018e29315997ef6e4a0ccf856b06fef04a084bbc48110c | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

220923-j2sqdahedk
MD5

f9916d21236dab7718c6681a7fd3fc77
SHA1

271a3651ed36910e3de96fad337d5d147a7bd310
SHA256

2e6d7e51c90c4703b5018e29315997ef6e4a0ccf856b06fef04a084bbc48110c
SHA512

ae72c7175377eb3445ec4da1995c09e1e91f397df98129dcf36094884ccb1ecab195089fa4f0c8f36851e71be030c3cc96fc0180974a6904f1e174cd55e7cf29
SSDEEP

768:JibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuA:e7HdgfncFig5sfCQyXz1OTfM7AYHuA

Score

10^/10

gozi_ifsb 5002

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5002

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  f9916d21236dab7718c6681a7fd3fc77
- SHA1
  
  271a3651ed36910e3de96fad337d5d147a7bd310
- SHA256
  
  2e6d7e51c90c4703b5018e29315997ef6e4a0ccf856b06fef04a084bbc48110c
- SHA512
  
  ae72c7175377eb3445ec4da1995c09e1e91f397df98129dcf36094884ccb1ecab195089fa4f0c8f36851e71be030c3cc96fc0180974a6904f1e174cd55e7cf29
- SSDEEP
  
  768:JibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuA:e7HdgfncFig5sfCQyXz1OTfM7AYHuA
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2