Resubmissions

27-10-2022 16:05

221027-tjtvtscger 10

24-10-2022 00:25

221024-aqx2aadegr 1

24-10-2022 00:25

221024-aqxqhsdec2 1

24-10-2022 00:24

221024-aqcqcadeb7 1

13-08-2022 01:18

220813-bn1j3abhdl 1

General

  • Target

    eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57

  • Size

    437KB

  • Sample

    221027-tjtvtscger

  • MD5

    360417f75090c962adb8021dbb478f67

  • SHA1

    5cd71ee15351c08ff35785774cc18dcaeca871c9

  • SHA256

    eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57

  • SHA512

    62088b203fe1eb61afbded8d64c0c00c682d421f73cbc688122c4e81a95924a648632c40ebf734d8693d5373c89bdbcf33ced5df115616dd96341414b4247390

  • SSDEEP

    12288:MNQGRYLUC/k+JwgIMinOCCdF4F9Bn/TomHe:MNQGRQUC/ZwMO1IFq9BnU

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://daydayvin.xyz

https://gigiman.xyz

Attributes
  • host_keep_time

    2

  • host_shift_time

    1

  • idle_time

    1

  • request_time

    10

aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
