gozi_ifsb | 217831226a3f69dc927d01f6696315294fcf7c9738ba9955bdbffbd9076ea0aa | Triage

Sharing

General

Target

2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_dropper
Size

367KB
Sample

221027-abz74aabbr
MD5

45c3677c1f85d800c5ff3d0783bc0472
SHA1

38b7e90f6c5bd955a6d14d5b9f86fb22e9cc8020
SHA256

217831226a3f69dc927d01f6696315294fcf7c9738ba9955bdbffbd9076ea0aa
SHA512

eee6f4f7e6fc1975b1383e785fb638ee190b3692edb005cd094eada268954d7daea77e229f2a7928be3a01b04152f476293f02db5693776a70a03b9a76b839eb
SSDEEP

6144:UvBWQQqJizCS6EEXMvZyRC7YmqY28nzXLFy9wvK7SEg7b03oW8rykdvuj5dS17ui:U5WQBE8FX+ZZ77qYBgKv4Xg5RryGWldY

Score

10^/10

gozi_ifsb 10008

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10008

C2

jscallowallowallowjcli.me

disallowjscuserallow.pw

Attributes

build
215801
dga_base_url
z1.zedo.com/robots.txt
dga_crc
0x246640bb
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_dropper
- Size
  
  367KB
- MD5
  
  45c3677c1f85d800c5ff3d0783bc0472
- SHA1
  
  38b7e90f6c5bd955a6d14d5b9f86fb22e9cc8020
- SHA256
  
  217831226a3f69dc927d01f6696315294fcf7c9738ba9955bdbffbd9076ea0aa
- SHA512
  
  eee6f4f7e6fc1975b1383e785fb638ee190b3692edb005cd094eada268954d7daea77e229f2a7928be3a01b04152f476293f02db5693776a70a03b9a76b839eb
- SSDEEP
  
  6144:UvBWQQqJizCS6EEXMvZyRC7YmqY28nzXLFy9wvK7SEg7b03oW8rykdvuj5dS17ui:U5WQBE8FX+ZZ77qYBgKv4Xg5RryGWldY
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2