Overview

overview

10

Static

static

10

1f0000.dll

windows7-x64

1

1f0000.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f0000.dll

  • Size

    43KB

  • Sample

    220926-nt1hgabghk

  • MD5

    c5d5bbe7532ee239898246a31f110224

  • SHA1

    bebf6d50a0ddc048efb4e6da7eb0cf42ff21680f

  • SHA256

    ae6a6bd412bef8f0baeddb6871bf61e0e14c15a29d6947e5dd21a2c8c3c0fd10

  • SHA512

    e6bf38a01af969964091a9a2a2f70fe71deb44842d3e7ed02d99e0a7ed34edaddb8fb8e3789b674741baea39111cc0e13f707ec11cf7a085d1693c93bfc026b5

  • SSDEEP

    768:JibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFDMu+AFWHuA:e7HdgfncFig5sfCQyXz1OTbDMyYHuA

Score
10/10
gozi_ifsb5002

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5002

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197
Attributes
  • base_path

    /chupa/

  • build

    250235

  • exe_type

    loader

  • extension

    .upa

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1f0000.dll

    • Size

      43KB

    • MD5

      c5d5bbe7532ee239898246a31f110224

    • SHA1

      bebf6d50a0ddc048efb4e6da7eb0cf42ff21680f

    • SHA256

      ae6a6bd412bef8f0baeddb6871bf61e0e14c15a29d6947e5dd21a2c8c3c0fd10

    • SHA512

      e6bf38a01af969964091a9a2a2f70fe71deb44842d3e7ed02d99e0a7ed34edaddb8fb8e3789b674741baea39111cc0e13f707ec11cf7a085d1693c93bfc026b5

    • SSDEEP

      768:JibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFDMu+AFWHuA:e7HdgfncFig5sfCQyXz1OTbDMyYHuA

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks