General

  • Target: 98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028
  • Size: 277KB
  • Sample: 230129-wvrkysgf28
  • MD5: 7c3f801620ea1cebd29889400ec9af67
  • SHA1: b0d226574d6d7fb4ec46fcf0afea08d6e8f91674
  • SHA256: 98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028
  • SHA512: b81e6dd0bf79ef853b2cbe09dddea946f87f901fbe3e66cad838684cdd4104bb454483fdfaf115a5c9203e7cd512547ec53a3c99fa2eb109c05403637352a6b6
  • SSDEEP: 6144:5sOKPyyl3yr4yJ0hlNM0NZfxZRggbgH5o:5NvmfyJuM4Zpc5o

Malware Config

Extracted

  • Family: gozi
  • Botnet: 6000
  • C2: http://velooiisd.club

Attributes

  • build: 214082
  • dga_base_url: constitution.org/usdeclar.txt
  • dga_crc: 0x4eb7d2ca
  • dga_season: 10
  • dga_tlds: com, ru, org
  • exe_type: loader
  • server_id: 12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
