General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    230104-q9ayvsgd49

  • MD5

    d31858aecf0b618f5485a6e2134d1aa1

  • SHA1

    8df65f3419b6ffaf649bcc63b124d8a71e23567a

  • SHA256

    dfec3a102b5b4419c328857a88bef03b38e371577b276aae00506e69fa108abb

  • SHA512

    1e556b76f22d0a059d515ac584a873baeb5fc4f4715686d5d459dec361512e352e30fac6f906602caf9da3ee1789bbbc0e6597418d82ad01b32ac9e6f0a1f217

  • SSDEEP

    768:iO60dvSXUWzHY4kD/zaho82WVV3rh5Uznoo7e6GzheOB/G7gpdS4JowCyjQBOQ:iOLgy4kD/2H2WjbhcTGNeOdG7uS45QBb

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7701

  • C2

    checklist.skype.com
    62.173.145.223
    31.41.44.105
    45.89.66.58

Attributes
  • base_path

    /drew/

  • build

    250249

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      43KB

    • MD5

      d31858aecf0b618f5485a6e2134d1aa1

    • SHA1

      8df65f3419b6ffaf649bcc63b124d8a71e23567a

    • SHA256

      dfec3a102b5b4419c328857a88bef03b38e371577b276aae00506e69fa108abb

    • SHA512

      1e556b76f22d0a059d515ac584a873baeb5fc4f4715686d5d459dec361512e352e30fac6f906602caf9da3ee1789bbbc0e6597418d82ad01b32ac9e6f0a1f217

    • SSDEEP

      768:iO60dvSXUWzHY4kD/zaho82WVV3rh5Uznoo7e6GzheOB/G7gpdS4JowCyjQBOQ:iOLgy4kD/2H2WjbhcTGNeOdG7uS45QBb

    Score
    1/10

MITRE ATT&CK Matrix

Tasks