gozi_ifsb | 65f35b0d1ab54a128cca4beeda2a2d846e520d9d2aa5c37661c3b41edb189e3b | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

221006-p9mrzshdf8
MD5

96747974dd8b0e08f919cd3b3942c971
SHA1

b18c33fd9e92da1bb22912f6a92f677cc84122a0
SHA256

65f35b0d1ab54a128cca4beeda2a2d846e520d9d2aa5c37661c3b41edb189e3b
SHA512

759b08bd69a043862b14665988ada1d65cbc7078119c81d3ed2986dca24e418507a0492d3362686bf11eab7903cf683f8a6f25dfb28e5cf92d3c984f2708a58f
SSDEEP

768:6TmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k7:6TmE+L5AkTixchBOKinCZ3eGGb7dTR9k

Score

10^/10

gozi_ifsb 3000

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

89.41.26.99

89.45.4.102

interstarts.top

superlist.top

internetcoca.in

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  96747974dd8b0e08f919cd3b3942c971
- SHA1
  
  b18c33fd9e92da1bb22912f6a92f677cc84122a0
- SHA256
  
  65f35b0d1ab54a128cca4beeda2a2d846e520d9d2aa5c37661c3b41edb189e3b
- SHA512
  
  759b08bd69a043862b14665988ada1d65cbc7078119c81d3ed2986dca24e418507a0492d3362686bf11eab7903cf683f8a6f25dfb28e5cf92d3c984f2708a58f
- SSDEEP
  
  768:6TmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k7:6TmE+L5AkTixchBOKinCZ3eGGb7dTR9k
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2