General

  • Target

    4912-237-0x00000000001E0000-0x00000000001ED000-memory.dmp

  • Size

    52KB

  • Sample

    230216-jz9acagc6y

  • MD5

    702a3d52c7825da6e386b6b8ac9509af

  • SHA1

    262df104deeec93cab04bd29ac4776c6f7d61b90

  • SHA256

    9bf0c8bff7c6dfd19d717fcc821fc0c753c3b758fe6b75bb3c85b9040f18d932

  • SHA512

    3640db29dba66ee78c7a69cd014385218cab2ad6524cd05b93e5f7cb63d17c525dfec4825e78d4b0a8f1e8954bbcbc9495b9b0ace63b4c7a4b96a7967bcd8484

  • SSDEEP

    768:5refh72T8ejiuQpIjjQZsj9Zp0ywxPy46tYRNjtll09CsPhc/1d4coqZ:he5UiFpyys/p0Fxq46tYR5l0UsPy/AQ

Score
10/10
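The target name encodes where the dump came from: a process ID, a sequence number, and the start and end addresses of the dumped region. The following added example (written for this page, not part of the sandbox's output) parses that name under the assumed scheme `<pid>-<seq>-<start>-<end>-memory.dmp` and checks that the address range agrees with the reported size, reading "KB" as a binary unit. The naming scheme and the unit interpretation are assumptions; the dump name and size are the ones shown above.

```python
import re

# From the page: the memory-dump target and the size attached to it.
DUMP_NAME = "4912-237-0x00000000001E0000-0x00000000001ED000-memory.dmp"
REPORTED_SIZE = "52KB"

# Assumed naming scheme (not documented on the page):
#   <pid>-<sequence>-<region start>-<region end>-memory.dmp
_DUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump name into pid, sequence, region bounds and region size."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16)
    if end <= start:
        raise ValueError("region end must lie above region start")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def parse_size(text):
    """Turn '52KB' into bytes; KB/MB are read as binary units (assumption)."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return int(m[1]) * {"B": 1, "KB": 1024, "MB": 1024 * 1024}[m[2]]


def region_matches_reported_size(name, reported):
    """True when end - start equals the size the report attached to the dump."""
    return parse_dump_name(name)["size"] == parse_size(reported)


def summarise(name):
    """Parsed fields plus a page-alignment check on the region bounds.

    A small, page-aligned region well below the usual image-mapping sizes is
    consistent with an unpacked or injected code region rather than a loaded
    module; misaligned bounds would suggest the name was mangled.
    """
    info = parse_dump_name(name)
    info["page_aligned"] = info["start"] % 0x1000 == 0 and info["end"] % 0x1000 == 0
    return info


if __name__ == "__main__":
    print(summarise(DUMP_NAME))
    print("size consistent:", region_matches_reported_size(DUMP_NAME, REPORTED_SIZE))
```

The range 0x1E0000 to 0x1ED000 is 0xD000 bytes, which is 52 KiB exactly, so the reported size is only consistent with the binary reading of "KB".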

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes
  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
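The extracted configuration is enough to build detection content: the C2 hosts give the destinations, and `base_path` plus `extension` give the shape of the request URI the loader uses. The following added example (not from the page or the sandbox) turns the fields above into a small classifier and runs it over constructed proxy log lines. One caveat drives the design: the first C2 entry, `https://checklist.skype.com`, sits under a Microsoft-owned domain, and Gozi/ISFB configurations are widely reported to carry it as a connectivity check rather than attacker infrastructure. The page does not say this itself, so the `BENIGN_CHECK_DOMAINS` filter, the log format, the log lines and the confidence labels are all assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Malware config as extracted on this page (family gozi, botnet 1001).
CONFIG = {
    "family": "gozi",
    "botnet": "1001",
    "c2": [
        "https://checklist.skype.com",
        "http://176.10.125.84",
        "http://91.242.219.235",
        "http://79.132.130.73",
        "http://176.10.119.209",
        "http://194.76.225.88",
        "http://79.132.134.158",
    ],
    "base_path": "/microsoft/",
    "extension": ".acx",
    "build": "250256",
    "server_id": "50",
}

# Assumption: hosts under these legitimate domains appear in Gozi/ISFB configs
# as connectivity checks, so a hit on them alone is not worth an alert.
BENIGN_CHECK_DOMAINS = {"skype.com"}


def split_c2(config):
    """Return (actionable C2 hosts, benign connectivity-check hosts)."""
    actionable, benign = [], []
    for url in config["c2"]:
        host = urlsplit(url).hostname
        if any(host == d or host.endswith("." + d) for d in BENIGN_CHECK_DOMAINS):
            benign.append(host)
        else:
            actionable.append(host)
    return actionable, benign


def classify_request(config, host, path):
    """Label one HTTP request against the config; None when nothing matches."""
    actionable, _ = split_c2(config)
    uri_match = (path.startswith(config["base_path"])
                 and path.endswith(config["extension"]))
    if host in actionable and uri_match:
        return "c2-host-and-uri-pattern"
    if host in actionable:
        return "c2-host"
    if uri_match:
        # Lower confidence: same URI shape, but a host the config does not list.
        return "uri-pattern-only"
    return None


# Constructed proxy log lines (not from the page): ts client method url status.
SAMPLE_LOG = """\
1676540001.123 10.0.0.12 GET https://checklist.skype.com/ 200
1676540002.456 10.0.0.12 GET http://176.10.125.84/microsoft/xyz.acx 200
1676540003.789 10.0.0.31 GET http://203.0.113.9/microsoft/a.acx 404
1676540004.001 10.0.0.12 GET http://79.132.130.73/index.html 200
1676540005.555 10.0.0.40 GET https://example.com/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def scan_log(config, text):
    """Return (client, host, reason) for every log line that matches the config."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlsplit(m["url"])
        reason = classify_request(config, u.hostname, u.path)
        if reason:
            hits.append((m["client"], u.hostname, reason))
    return hits


if __name__ == "__main__":
    print("actionable / benign:", split_c2(CONFIG))
    for hit in scan_log(CONFIG, SAMPLE_LOG):
        print(hit)
```

Host-only hits still matter: the loader may fetch its next stage from a C2 address with a URI that does not carry the `.acx` suffix, so the host list is the stronger signal and the URI pattern mainly helps when the infrastructure rotates to addresses the config did not list.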

Targets

    • Target

      4912-237-0x00000000001E0000-0x00000000001ED000-memory.dmp

    • Size

      52KB

    • MD5

      702a3d52c7825da6e386b6b8ac9509af

    • SHA1

      262df104deeec93cab04bd29ac4776c6f7d61b90

    • SHA256

      9bf0c8bff7c6dfd19d717fcc821fc0c753c3b758fe6b75bb3c85b9040f18d932

    • SHA512

      3640db29dba66ee78c7a69cd014385218cab2ad6524cd05b93e5f7cb63d17c525dfec4825e78d4b0a8f1e8954bbcbc9495b9b0ace63b4c7a4b96a7967bcd8484

    • SSDEEP

      768:5refh72T8ejiuQpIjjQZsj9Zp0ywxPy46tYRNjtll09CsPhc/1d4coqZ:he5UiFpyys/p0Fxq46tYR5l0UsPy/AQ

    Score
    3/10
