gozi | 2f9aa1a1ddba6e911ba5aead610c12e0ab0078fe989c61c6989a463dbe5c0c7d | Triage

Sharing

General

Target

536-208-0x0000000000960000-0x000000000096E000-memory.dmp
Size

56KB
Sample

230216-rem6dahe2x
MD5

e8828bdc6d6e09e40af2137c588b5cb5
SHA1

ef1f751064ab7be8687a31149bffbcae7524c45d
SHA256

2f9aa1a1ddba6e911ba5aead610c12e0ab0078fe989c61c6989a463dbe5c0c7d
SHA512

90996137fcb101c1f197e7003f51f49a9115620794d3cd1a689dfe3a40d4bb8c44558957a3188d591600c78f9f4a18f5c877f2b722d31e5c92de457cc7d13ba9
SSDEEP

768:jRybN4aA02oR4jInhpp55dWSlkiidEfUPJqBQPt04:d24aA6R4jaDtmiuqURq

Score

10^/10

gozi 1001 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  536-208-0x0000000000960000-0x000000000096E000-memory.dmp
- Size
  
  56KB
- MD5
  
  e8828bdc6d6e09e40af2137c588b5cb5
- SHA1
  
  ef1f751064ab7be8687a31149bffbcae7524c45d
- SHA256
  
  2f9aa1a1ddba6e911ba5aead610c12e0ab0078fe989c61c6989a463dbe5c0c7d
- SHA512
  
  90996137fcb101c1f197e7003f51f49a9115620794d3cd1a689dfe3a40d4bb8c44558957a3188d591600c78f9f4a18f5c877f2b722d31e5c92de457cc7d13ba9
- SSDEEP
  
  768:jRybN4aA02oR4jInhpp55dWSlkiidEfUPJqBQPt04:d24aA6R4jaDtmiuqURq
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2