gozi_ifsb | efc5d6924a586e8bc30d4a48029f0cec29c493bcf76d0126ce74b7f963d7c9bf | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

220925-q6hvasehg5
MD5

b9e34211a2d4bf5525ad9ccb7d9224da
SHA1

f16e2a7778ac008a4a557b5999492d46f4a90247
SHA256

efc5d6924a586e8bc30d4a48029f0cec29c493bcf76d0126ce74b7f963d7c9bf
SHA512

abd1dc24fe17fdf629c85031b5f341d82fb17f291847d23bdfc35620cb2e825bbba6658efba9d1fd66f29d2a095bb7bffe556fe1d25d9cc2a0f63c9dd1764b67
SSDEEP

768:PTmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k:PTmE+L5AkTixchBOKinCZ3eGGb7dTR9k

Score

10^/10

gozi_ifsb 7777

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7777

C2

trackingg-protectioon.cdn4.mozilla.net

194.76.225.37

trackingg-protectioon.cdn5.mozilla.net

185.212.44.249

109.230.199.185

Attributes

base_path
/fonts/
build
250246
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  b9e34211a2d4bf5525ad9ccb7d9224da
- SHA1
  
  f16e2a7778ac008a4a557b5999492d46f4a90247
- SHA256
  
  efc5d6924a586e8bc30d4a48029f0cec29c493bcf76d0126ce74b7f963d7c9bf
- SHA512
  
  abd1dc24fe17fdf629c85031b5f341d82fb17f291847d23bdfc35620cb2e825bbba6658efba9d1fd66f29d2a095bb7bffe556fe1d25d9cc2a0f63c9dd1764b67
- SSDEEP
  
  768:PTmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k:PTmE+L5AkTixchBOKinCZ3eGGb7dTR9k
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2