gozi_ifsb | 25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094 | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

220923-kp3v9agcb7
MD5

508f2889a54920c1ff730882ae37ec4b
SHA1

d46812975844b55e06f0ad2d798baf8cc7afd55f
SHA256

25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094
SHA512

e9c1c16ce874e7db6485f73e71f6e4da58effec3bdf9b380ea7970db4c41fa62960c104a29a165fdc2106b8b23e2c7d66f95a7098953cc35cd6ea27a2dcff0b5
SSDEEP

768:SibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAE:v7HdgfncFig5sfCQyXz1OTfM7AYHuAE

Score

10^/10

gozi_ifsb 5000

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  508f2889a54920c1ff730882ae37ec4b
- SHA1
  
  d46812975844b55e06f0ad2d798baf8cc7afd55f
- SHA256
  
  25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094
- SHA512
  
  e9c1c16ce874e7db6485f73e71f6e4da58effec3bdf9b380ea7970db4c41fa62960c104a29a165fdc2106b8b23e2c7d66f95a7098953cc35cd6ea27a2dcff0b5
- SSDEEP
  
  768:SibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAE:v7HdgfncFig5sfCQyXz1OTfM7AYHuAE
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2