gozi_ifsb | c35d54d4caeafeebf3f713f8e21129ef461efb70a36292b5ad688e951cd4d950 | Triage

Sharing

General

Target

249ba989225747cf269f49e6c14b516031b5071bdbcb5b07843af6f920b2e1ab_unpacked_dropper
Size

199KB
Sample

221026-3w6vlaaba7
MD5

f8d484648035f9c039b3efe82ac0e5f3
SHA1

d0ed7541bbb49b09aec37445a4663b9cfd597524
SHA256

c35d54d4caeafeebf3f713f8e21129ef461efb70a36292b5ad688e951cd4d950
SHA512

82980268a42ad87a73d00b9627c8021c0df6d601293dfc7a0b54efefe60eb31e0d433888a4d6c0d20ca0ce644493d1a3f34a6d7f3c96c70dc2d940de070bd4af
SSDEEP

3072:6gAY5G/N6Mt4krsjo+ILVyqw3mgkg8FwhuLJD4KpXUhp/rAVHv4MUxKenOxoEM7N:6gqtmuLGmgkN9LCKpApTAVH3T+Euqfa

Score

10^/10

gozi_ifsb 1071

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1071

C2

127.0.0.1

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  249ba989225747cf269f49e6c14b516031b5071bdbcb5b07843af6f920b2e1ab_unpacked_dropper
- Size
  
  199KB
- MD5
  
  f8d484648035f9c039b3efe82ac0e5f3
- SHA1
  
  d0ed7541bbb49b09aec37445a4663b9cfd597524
- SHA256
  
  c35d54d4caeafeebf3f713f8e21129ef461efb70a36292b5ad688e951cd4d950
- SHA512
  
  82980268a42ad87a73d00b9627c8021c0df6d601293dfc7a0b54efefe60eb31e0d433888a4d6c0d20ca0ce644493d1a3f34a6d7f3c96c70dc2d940de070bd4af
- SSDEEP
  
  3072:6gAY5G/N6Mt4krsjo+ILVyqw3mgkg8FwhuLJD4KpXUhp/rAVHv4MUxKenOxoEM7N:6gqtmuLGmgkN9LCKpApTAVH3T+Euqfa
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2