General

  • Target

    42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper

  • Size

    234KB

  • Sample

    221027-aef9dsabdq

  • MD5

    20175483f1ce240ee7bdb36e212f7107

  • SHA1

    63b7747390a57220c2b3a1d174806f91ebe828b0

  • SHA256

    2f5ea1a62fc13005fa827ebb5ae0df55fac1a81428d9fd99c24f771aef6a3f70

  • SHA512

    2a0cec9b768dc8460dc2af753b3e59e6c27d31a13298e55a4c7a894d6158a92bfeae8db3f141cd23113237b9c3f94132e873294548a38212c8786937d897b2eb

  • SSDEEP

    3072:/nIQbLqvw4+fXJ0yGUtIlF6jUFjSi73sMlZDeDptJMvZanVid6LQa0VwDbrVcWJ8:/IsWUf5KoqQa7sMlYtJwa0mP9qu8

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

Attributes
  • build

    215840

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • exe_type

    worker

  • server_id

    93

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_dropper

    • Size

      234KB

    Score
    3/10
