gozi | ea75bd9bbf44f84559931a84576c2d54b59dea7f6834f86bed52de4ef6333925 | Triage

Sharing

General

Target

1560-278-0x00000000009A0000-0x00000000009AE000-memory.dmp
Size

56KB
Sample

230216-bbpxssef51
MD5

73c5365db7d4e5a62bf482d6ebe96afa
SHA1

2180c1b6b9520d4e667eb643b90fe2210fb9cc02
SHA256

ea75bd9bbf44f84559931a84576c2d54b59dea7f6834f86bed52de4ef6333925
SHA512

72fee29059c1838fedad73fbf9db3f809fcbdb329e77769f7d22899f155461b9e8b229058bc2473de3e88439f152182e1b96e080cb3f14ead2f2c6c8abbd8cbd
SSDEEP

768:F0xEq44boR4jInhpp55dWSlkiidEfUPJqBQPt04:FuEq45R4jaDtmiuqURq

Score

10^/10

gozi 1001 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1560-278-0x00000000009A0000-0x00000000009AE000-memory.dmp
- Size
  
  56KB
- MD5
  
  73c5365db7d4e5a62bf482d6ebe96afa
- SHA1
  
  2180c1b6b9520d4e667eb643b90fe2210fb9cc02
- SHA256
  
  ea75bd9bbf44f84559931a84576c2d54b59dea7f6834f86bed52de4ef6333925
- SHA512
  
  72fee29059c1838fedad73fbf9db3f809fcbdb329e77769f7d22899f155461b9e8b229058bc2473de3e88439f152182e1b96e080cb3f14ead2f2c6c8abbd8cbd
- SSDEEP
  
  768:F0xEq44boR4jInhpp55dWSlkiidEfUPJqBQPt04:FuEq45R4jaDtmiuqURq
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2