gozi_ifsb | bd48d2ca9fc8aa44bdee5fe564c15cb8fff88da0081cae06e6a3153ea599f48a | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

220923-jchh4sdeb7
MD5

851e3931eb9af443aebe8abdb60f9469
SHA1

b13e1900449afbb908511dee343a14442a0fbbc1
SHA256

bd48d2ca9fc8aa44bdee5fe564c15cb8fff88da0081cae06e6a3153ea599f48a
SHA512

1241a219e8b616e65d57b6bc58398df2972b120ae243bc3f258936d2a6f431cfce18fe164cc573733bc390bf1bf0c433df07f7b4cf986f816edf43771a70e2e4
SSDEEP

768:ImQp7q0kzrdzjj+jVmXaKrOXNk4snxuZhTeOx1wl7gpQYPEub0c1B:INp7q0WV+pmKe890QeOxel7/YPEu0G

Score

10^/10

gozi_ifsb 20000

Malware Config

Extracted

Family

gozi_ifsb

Botnet

20000

C2

trackingg-protectioon.cdn1.mozilla.net

185.240.103.79

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

Attributes

base_path
/uploaded/
build
250239
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  851e3931eb9af443aebe8abdb60f9469
- SHA1
  
  b13e1900449afbb908511dee343a14442a0fbbc1
- SHA256
  
  bd48d2ca9fc8aa44bdee5fe564c15cb8fff88da0081cae06e6a3153ea599f48a
- SHA512
  
  1241a219e8b616e65d57b6bc58398df2972b120ae243bc3f258936d2a6f431cfce18fe164cc573733bc390bf1bf0c433df07f7b4cf986f816edf43771a70e2e4
- SSDEEP
  
  768:ImQp7q0kzrdzjj+jVmXaKrOXNk4snxuZhTeOx1wl7gpQYPEub0c1B:INp7q0WV+pmKe890QeOxel7/YPEu0G
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2