Resubmissions

27-10-2022 16:06

221027-tj656acfg7 10

25-08-2022 16:02

220825-tg4bgsgbe7 1

General

  • Target

    test2.dll

  • Size

    417KB

  • Sample

    221027-tj656acfg7

  • MD5

    bea60bab50d47f239132890a343ae84c

  • SHA1

    370ebd02e9284576d28ed8a114b767a2bd0d14fd

  • SHA256

    74b57e264dd84cbb7c4e1a7eb8a8dbdb932f01ac34e48e2e6d41ab82f05c682f

  • SHA512

    6b67946fa066139caafc6bac1bbdcf8c0e2d067194dca06cf93a54f6d6ad3f2620e1f27adf06e510f5dbeda0660576a3914164b1213a441da27af36267ed082a

  • SSDEEP

    6144:BkakVZKK4DiSqU2fEIj45A1Wkn6KLm1fEdkAdpqAeOhU1PQZukC3j+CH0sAW:XkXUCLcIj4S15RSJEdBdpYKUtQZu5zb

Malware Config

Extracted

Family

gozi

Botnet

202208151

C2

https://logotep.xyz

https://vavilgo.xyz

Attributes
  • host_keep_time

    2

  • host_shift_time

    1

  • idle_time

    1

  • request_time

    10

aes.plain

Targets

    • Target

      test2.dll

    • Size

      417KB

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
