General
Target: gozi.payload-disk
Size: 43KB
Sample: 220817-z927sachgp
MD5: f2ad11fb909f3a617e694fefb24fa193
SHA1: ef6e6f47ac66240f68a04ebeab0a77ef7b3e42c2
SHA256: 9f2520404452a6b55b19756cb6d1af5da60a0b43a549aab85dc9cb49d3d59cae
SHA512: 1020d5ecf0541fa07651db1190c0ff2a125bbdbe39e7378b0d3793419b528464d14e97d56cc78f74a7d3e9070011a03f838c4b08fc5c65fc23c9902e41073cb9
SSDEEP: 768:TxlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp7:NlYhzJ2VQEFf/2VYuAZOzNM7uyH
Behavioral task: behavioral1
Sample: gozi.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: gozi.dll
Resource: win10v2004-20220812-en
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
superstarts.top
superlist.top
internetcoca.in
193.106.191.163
base_path: /drew/
build: 250240
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: gozi.payload-disk
Score: 1/10