gozi_ifsb | 53a152ce008fbe0a467f7816ed237692b3839495425b3b28844a5a032630a9e9 | Triage

Sharing

General

Target

gozi.payload-disk
Size

43KB
Sample

221011-p6e8qsfafj
MD5

4daae4e5b599410b39b55833d61819e7
SHA1

8769d522b951aa86259e5239919045adaed05daa
SHA256

53a152ce008fbe0a467f7816ed237692b3839495425b3b28844a5a032630a9e9
SHA512

ff35a1ddf3fe10976a75580a670a1047c9b2e2ba922363587b894b081e2d19f58574cb4fbc3ced29de2098461752e4004587989129f030ecb41598b47a305883
SSDEEP

768:TlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp:TlYhzJ2VQEFf/2VYuAZOzNM7uyH

Score

10^/10

gozi_ifsb 1900

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1900

C2

tel12.msn.com

194.76.225.60

185.212.47.133

Attributes

base_path
/doorway/
build
250240
exe_type
loader
extension
.drr
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  43KB
- MD5
  
  4daae4e5b599410b39b55833d61819e7
- SHA1
  
  8769d522b951aa86259e5239919045adaed05daa
- SHA256
  
  53a152ce008fbe0a467f7816ed237692b3839495425b3b28844a5a032630a9e9
- SHA512
  
  ff35a1ddf3fe10976a75580a670a1047c9b2e2ba922363587b894b081e2d19f58574cb4fbc3ced29de2098461752e4004587989129f030ecb41598b47a305883
- SSDEEP
  
  768:TlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp:TlYhzJ2VQEFf/2VYuAZOzNM7uyH
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2