General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    220302-2mppaagdg4

  • MD5

    c72e3eba124896e10bd8acc54b1565fe

  • SHA1

    d19dd19fae7d61293e1879034b8a784f694b76e9

  • SHA256

    44b62bc022a43cfa60975be021a4f4d34caead61d23f2a925b7b470899b0195e

  • SHA512

    92929eafa1b48b79cbe00a65c7cd82d65261bc472cd2c5f0941bbb2c76a3721de9d0090c6053b9f53ed193a2b3fe9b9ce7406d0781ae52c3985898a318f68595

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

20000

C2

skype.com/signin

143.198.56.58

Attributes
base_path
/peer/
build
250225
exe_type
loader
extension
.prv
server_id
50
rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      43KB

    • MD5

      c72e3eba124896e10bd8acc54b1565fe

    • SHA1

      d19dd19fae7d61293e1879034b8a784f694b76e9

    • SHA256

      44b62bc022a43cfa60975be021a4f4d34caead61d23f2a925b7b470899b0195e

    • SHA512

      92929eafa1b48b79cbe00a65c7cd82d65261bc472cd2c5f0941bbb2c76a3721de9d0090c6053b9f53ed193a2b3fe9b9ce7406d0781ae52c3985898a318f68595

    Score
    1/10

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation