General

  • Target

    5cb0000.dll.exe

  • Size

    228KB

  • Sample

    220927-net25sdcg6

  • MD5

    9dd50345a80bdc7bf873887c458bdc6f

  • SHA1

    280a8fdbcc8ca09090ac12175b54668e7d2a9230

  • SHA256

    555df9df7ab7a1edf7764add9ff88b1266a078d48ee1cc00f21f0131a6b30b84

  • SHA512

    7900a221d9a2c5e679e3ccaec94295051635311fc745138f569462e01c78304ff5ccf753f1319b5a998ebf38abb55649861fb3a597c4cf8d61864570471fe41b

  • SSDEEP

    6144:XlDosEPR66q9KgylInd6oqA/wD5znFoc:tUPR6D9KDInd6oqA/wVF

Score
10/10

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    7777

  • C2

Attributes
  • base_path

    /fonts/

  • exe_type

    worker

  • extension

    .bak

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      5cb0000.dll.exe

    • Size

      228KB

    • MD5

      9dd50345a80bdc7bf873887c458bdc6f

    • SHA1

      280a8fdbcc8ca09090ac12175b54668e7d2a9230

    • SHA256

      555df9df7ab7a1edf7764add9ff88b1266a078d48ee1cc00f21f0131a6b30b84

    • SHA512

      7900a221d9a2c5e679e3ccaec94295051635311fc745138f569462e01c78304ff5ccf753f1319b5a998ebf38abb55649861fb3a597c4cf8d61864570471fe41b

    • SSDEEP

      6144:XlDosEPR66q9KgylInd6oqA/wD5znFoc:tUPR6D9KDInd6oqA/wVF

    Score
    1/10
