Overview

overview

10

Static

static

10

0a5e359d5f...er.exe

windows7-x64

1

0a5e359d5f...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_dropper

  • Size

    204KB

  • Sample

    221026-3w194saah4

  • MD5

    b57b701d59221f3537c11947696f7583

  • SHA1

    085ef56c138c3ed4351ded58647c3af7e5bc89c2

  • SHA256

    0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c

  • SHA512

    d3f030e01d260e464e5219fd1a85da8d30263d4a27de6de0158912a223044311507204b8bd3af1628456371e66e8dfeeaa41e8784af9da36a7281acaa468a50a

  • SSDEEP

    3072:qNBSUJxUw38KtevKzF3Hahj9mSiRlegItDj5kE3Wn9QXTblDgEGH+yxbd8CU:aTHUwNASVHamSDd33oQXTbSxGF

Score
10/10
gozi_ifsb1001

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

C2

prophosthdor.su/geo_src/outer/mapst

xhroompjsapi.com/geo_src/outer/mapst

paratrenkot.su/geo_src/outer/mapst
Attributes
  • exe_type

    worker

  • server_id

    44

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_dropper

    • Size

      204KB

    • MD5

      b57b701d59221f3537c11947696f7583

    • SHA1

      085ef56c138c3ed4351ded58647c3af7e5bc89c2

    • SHA256

      0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c

    • SHA512

      d3f030e01d260e464e5219fd1a85da8d30263d4a27de6de0158912a223044311507204b8bd3af1628456371e66e8dfeeaa41e8784af9da36a7281acaa468a50a

    • SSDEEP

      3072:qNBSUJxUw38KtevKzF3Hahj9mSiRlegItDj5kE3Wn9QXTblDgEGH+yxbd8CU:aTHUwNASVHamSDd33oQXTbSxGF

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks