Overview

overview

10

Static

static

10

3036-234-0...ry.exe

windows7-x64

1

3036-234-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3036-234-0x0000000001210000-0x000000000121E000-memory.dmp

  • Size

    56KB

  • Sample

    230216-l8v57agg2y

  • MD5

    06e80bf92b613aeb179d57b7215ff313

  • SHA1

    c96863142099200142d1cd5dac032f6d039c2857

  • SHA256

    f5c4e67b910a76f650aa7b5bca6f3a04a084a77e032a6e5abd384eb7e4176d8a

  • SHA512

    7d20e69aa13dcff4d99aaa2ae7b7e6b1e16c14661b846c2cfb654745aa6293e9044688018f90c9b06f07d5dd727b5b4aeeece5234309d9959d1e5bfbca7ea8fc

  • SSDEEP

    768:sYkVEqodfoR4jInhpp55dWSlkiidEfUPJqBQPt04:sYqEqomR4jaDtmiuqURq

Score
10/10
gozi1001isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158
Attributes
  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      3036-234-0x0000000001210000-0x000000000121E000-memory.dmp

    • Size

      56KB

    • MD5

      06e80bf92b613aeb179d57b7215ff313

    • SHA1

      c96863142099200142d1cd5dac032f6d039c2857

    • SHA256

      f5c4e67b910a76f650aa7b5bca6f3a04a084a77e032a6e5abd384eb7e4176d8a

    • SHA512

      7d20e69aa13dcff4d99aaa2ae7b7e6b1e16c14661b846c2cfb654745aa6293e9044688018f90c9b06f07d5dd727b5b4aeeece5234309d9959d1e5bfbca7ea8fc

    • SSDEEP

      768:sYkVEqodfoR4jInhpp55dWSlkiidEfUPJqBQPt04:sYqEqomR4jaDtmiuqURq

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks