General

  • Target

    4344-238-0x00000000005D0000-0x00000000005DE000-memory.dmp

  • Size

    56KB

  • Sample

    230216-pr4b1shb5w

  • MD5

    9171cf6ed5c7365e12ae9d696f4886eb

  • SHA1

    ce228c1a5cbb0e5ee8e5947df4e9cf3f6be1149a

  • SHA256

    88a6d5f37a6c521171b558e02c784554e7af7c4f86fb5ba0d0630bf7cdae9383

  • SHA512

    dc4953b42e0486c8033ab189bc41851f208666c9e46b388fbf82a9a52d712b8f5d418128b1a1efeca6bd6ccc0c790bb0223862ebd11c06796d599e633c00347a

  • SSDEEP

    768:ljqfc+ntoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+fc+uR4jaDtmiuqURq

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes
  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
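The extracted config above gives a practitioner everything needed to hunt for this build's beaconing in web-proxy logs: the C2 hosts, the URI prefix (base_path /microsoft/) and the URI suffix (extension .acx). The script below is an added example written for this page, not code from the sandbox or from the Gozi/ISFB project; it copies the C2 list and attributes from the config, matches each proxy log line on either a known C2 host or the ISFB URI shape (so new, unlisted hosts using the same base_path/extension are still flagged), and returns structured hits. The log format and the sample log lines are constructed for illustration. One caveat the report itself does not state: checklist.skype.com is a legitimate Microsoft-owned domain, and ISFB configs routinely carry a legitimate host for connectivity checks, so the script excludes it from the blockable host set and only flags it if the URI shape matches (this exclusion is the editor's assumption, not something in the extracted config).

```python
"""Hunt for Gozi/ISFB beaconing using the extracted config on this page.

Added example (editor's code, not from the sandbox report or the malware
project). The proxy log format "ts client_ip method url status" and the
SAMPLE_LOG lines are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Values copied verbatim from the extracted config above.
C2_URLS = [
    "https://checklist.skype.com",
    "http://176.10.125.84",
    "http://91.242.219.235",
    "http://79.132.130.73",
    "http://176.10.119.209",
    "http://194.76.225.88",
    "http://79.132.134.158",
]
BASE_PATH = "/microsoft/"   # config attribute base_path
EXTENSION = ".acx"          # config attribute extension

# Editor's assumption: checklist.skype.com is a legitimate Microsoft domain used
# by ISFB for a connectivity check, so it is not a host to block on its own.
BENIGN_HOSTS = {"checklist.skype.com"}

# Blockable infrastructure: every C2 host except the connectivity-check domain.
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS} - BENIGN_HOSTS

# ISFB request URIs look like <base_path><encoded segments><extension>;
# the segment charset is kept loose so encoded payloads of any shape match.
PATH_RE = re.compile(re.escape(BASE_PATH) + r"[^?\s]*" + re.escape(EXTENSION) + r"$")

# Constructed log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


@dataclass
class Hit:
    line_no: int
    client: str
    host: str
    path: str
    reason: str


def classify(url: str) -> Optional[str]:
    """Return why a URL is suspicious, or None if it matches nothing."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path_hit = bool(PATH_RE.search(parts.path))
    if host in C2_HOSTS and path_hit:
        return "known C2 host and ISFB URI shape"
    if host in C2_HOSTS:
        return "known C2 host"
    if path_hit:
        # Same base_path/extension on a host not in the config: possible new infra.
        return "ISFB URI shape on unlisted host"
    return None


def scan(log_lines: List[str]) -> List[Hit]:
    """Run classify() over proxy log lines and collect the hits."""
    hits: List[Hit] = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line; skip rather than fail
        client, url = m.group(2), m.group(4)
        reason = classify(url)
        if reason:
            parts = urlsplit(url)
            hits.append(Hit(n, client, parts.hostname or "", parts.path, reason))
    return hits


# Constructed sample traffic: one true beacon, the connectivity check, a beacon
# to an unlisted host, a bare hit on a known C2 IP, and ordinary browsing.
SAMPLE_LOG = """\
2023-02-16T10:01:02Z 10.0.0.15 GET http://176.10.125.84/microsoft/ZxF1_2BkQ/abc.acx 200
2023-02-16T10:01:05Z 10.0.0.15 GET https://checklist.skype.com/ 200
2023-02-16T10:02:11Z 10.0.0.22 GET http://203.0.113.7/microsoft/Hs8_2F/x.acx 404
2023-02-16T10:03:40Z 10.0.0.15 POST http://79.132.130.73/microsoft/ 200
2023-02-16T10:04:00Z 10.0.0.31 GET http://www.microsoft.com/en-us/ 200
""".splitlines()

if __name__ == "__main__":
    print("blockable C2 hosts:", sorted(C2_HOSTS))
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} -> {h.host}{h.path}  [{h.reason}]")
```

Feed it real proxy exports by adapting LOG_RE to the export's column order; the point of the two-tier match is that a host-only block list goes stale as soon as the operators rotate IPs, while the base_path/extension shape survives an infrastructure change for the same build.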

Targets

    • Target

      4344-238-0x00000000005D0000-0x00000000005DE000-memory.dmp

    • Size

      56KB

    • MD5

      9171cf6ed5c7365e12ae9d696f4886eb

    • SHA1

      ce228c1a5cbb0e5ee8e5947df4e9cf3f6be1149a

    • SHA256

      88a6d5f37a6c521171b558e02c784554e7af7c4f86fb5ba0d0630bf7cdae9383

    • SHA512

      dc4953b42e0486c8033ab189bc41851f208666c9e46b388fbf82a9a52d712b8f5d418128b1a1efeca6bd6ccc0c790bb0223862ebd11c06796d599e633c00347a

    • SSDEEP

      768:ljqfc+ntoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+fc+uR4jaDtmiuqURq

    Score
    3/10

MITRE ATT&CK Matrix

Tasks