gozi_ifsb | 812dd59af0fa3be88decd7f9121b9bb2837196a164b40cb61ee29b57b0b759c1 | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

220923-krvyeshfgk
MD5

1b413e1b14b72e4dd7500c21fb6a9476
SHA1

273ab040e4904d016c94de359ae6c723a03ff93e
SHA256

812dd59af0fa3be88decd7f9121b9bb2837196a164b40cb61ee29b57b0b759c1
SHA512

bdf0897ba1c4f53b038c81262a65d57c0d05a5f5fbb7b7175889d6feaa7f597cdb80ac585e109fe0c70f2f4aa8c6d9db0d06c70b36aeb4ff794de04a2bebce2f
SSDEEP

768:ZibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuA:O7HdgfncFig5sfCQyXz1OTfM7AYHuA

Score

10^/10

gozi_ifsb 5001

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5001

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  1b413e1b14b72e4dd7500c21fb6a9476
- SHA1
  
  273ab040e4904d016c94de359ae6c723a03ff93e
- SHA256
  
  812dd59af0fa3be88decd7f9121b9bb2837196a164b40cb61ee29b57b0b759c1
- SHA512
  
  bdf0897ba1c4f53b038c81262a65d57c0d05a5f5fbb7b7175889d6feaa7f597cdb80ac585e109fe0c70f2f4aa8c6d9db0d06c70b36aeb4ff794de04a2bebce2f
- SSDEEP
  
  768:ZibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuA:O7HdgfncFig5sfCQyXz1OTfM7AYHuA
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2