gozi | d1289afa289d40dbdbf3a604b1fb84db360dd468581fffbac78275ca6780d910 | Triage

Sharing

General

Target

1208-56-0x0000000180000000-0x0000000180013000-memory.dmp
Size

76KB
Sample

221124-lykxgaab4s
MD5

997556101550fd78a64409d3f6185ef5
SHA1

ebca870056a92cc3bc42664a22b218ac46aafbd8
SHA256

d1289afa289d40dbdbf3a604b1fb84db360dd468581fffbac78275ca6780d910
SHA512

d634645c48cc2648c89acebc67d999efbe83b63cb3ec3a33282d333d3e9996a59d356d855aaa1b5b63b1ce2ef5cf640d07cca00d41715e1ff8403e5d4d05ee86
SSDEEP

1536:pyFML+2YIf5YdDn/qGU1jDiBS/////////////////////////////m:pYM5n5eqGU138

Score

10^/10

gozi 202208151 ldr4

Malware Config

Extracted

Family

gozi

Botnet

202208151

C2

https://higmon.cyou

https://prises.cyou

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  1208-56-0x0000000180000000-0x0000000180013000-memory.dmp
- Size
  
  76KB
- MD5
  
  997556101550fd78a64409d3f6185ef5
- SHA1
  
  ebca870056a92cc3bc42664a22b218ac46aafbd8
- SHA256
  
  d1289afa289d40dbdbf3a604b1fb84db360dd468581fffbac78275ca6780d910
- SHA512
  
  d634645c48cc2648c89acebc67d999efbe83b63cb3ec3a33282d333d3e9996a59d356d855aaa1b5b63b1ce2ef5cf640d07cca00d41715e1ff8403e5d4d05ee86
- SSDEEP
  
  1536:pyFML+2YIf5YdDn/qGU1jDiBS/////////////////////////////m:pYM5n5eqGU138
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

ldr4202208151gozi

behavioral1

behavioral2