General

  • Target: 2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_x64
  • Size: 345KB
  • Sample: 221027-ab1hvsabc2
  • MD5: 63223be31de5e0ea133b2aaf8cd63e9c
  • SHA1: 28aa25ef0ca227656504d074b4107989a3847780
  • SHA256: 908a2b2d385a32d541c795b3fd4b4675502632935fc5b772bb0323798b4a47ad
  • SHA512: 0acd678c11462a397fe7176674229e6ca97481fd767be63e6c5ae5161f5e186dd3ab6fffc8bb6e0510098fc21fe22f0fe745d7207141a15a2644eb6396dfd564
  • SSDEEP: 6144:aImDEdF/rxGtCM0KfJyO9C3GMHxpbdP5Q9RPoqTiB+6k6X7O:aImYdF/rItCMV9C9hARPoqTiB+

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 10008
  • C2:
      jscallowallowallowjcli.me
      disallowjscuserallow.pw

Attributes

  • build: 215801
  • dga_base_url: z1.zedo.com/robots.txt
  • dga_crc: 0x246640bb
  • exe_type: worker
  • server_id: 12
  • rsa_pubkey.plain
  • serpent.plain

Targets

    • Target: 2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_x64

    • Score: 10/10

MITRE ATT&CK Matrix

Tasks