Overview

overview

10

Static

static

10

gozi.dll

windows7-x64

1

gozi.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    220923-jzgkbsdeg7

  • MD5

    7f55bd5293ece0704bf5ba4bd80e35b2

  • SHA1

    7b0f613431ac4b5dd6384b6431f0f57b64af6877

  • SHA256

    1e857a25211c30b4b133faea133eb2c4a53d54247d623a5c33a8582c901a069a

  • SHA512

    9063055b7935c881d50caf12edc98b7dbd358af2972f7aba3f79b1f05f97cd9b22c63b9e612b5109abce63e38cfe5d235722c021678cc4363dbda9766f3033eb

  • SSDEEP

    768:DmQp7q0kzrdzjj+jVmXaKrOXNk4snxuZhTeOx1wl7gpQYPEub0c1B/d:DNp7q0WV+pmKe890QeOxel7/YPEu0G/d

Score
10/10
gozi_ifsb1200

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1200

C2

anrfrm.msn.com

194.76.225.90

msggi.msn.com

194.76.225.56

194.76.225.91
Attributes
  • base_path

    /zerobin/

  • build

    250239

  • exe_type

    loader

  • extension

    .bon

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      43KB

    • MD5

      7f55bd5293ece0704bf5ba4bd80e35b2

    • SHA1

      7b0f613431ac4b5dd6384b6431f0f57b64af6877

    • SHA256

      1e857a25211c30b4b133faea133eb2c4a53d54247d623a5c33a8582c901a069a

    • SHA512

      9063055b7935c881d50caf12edc98b7dbd358af2972f7aba3f79b1f05f97cd9b22c63b9e612b5109abce63e38cfe5d235722c021678cc4363dbda9766f3033eb

    • SSDEEP

      768:DmQp7q0kzrdzjj+jVmXaKrOXNk4snxuZhTeOx1wl7gpQYPEub0c1B/d:DNp7q0WV+pmKe890QeOxel7/YPEu0G/d

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks