General

  • Target

    1960-182-0x00000000005D0000-0x00000000005DE000-memory.dmp

  • Size

    56KB

  • Sample

    230216-s1xglsac72

  • MD5

    70b027e05c553042cdbf1a80c60306e9

  • SHA1

    6dc9c4a8d148dffd001f961f81c0efeb349eb578

  • SHA256

    ce908097153cf6f4ad172edff4f8d1ff8d63ffb6e38a31acb955ae60f0355848

  • SHA512

    614720a835af5a3af0413cf0b76da8f583af3717ffcb00245309febb7c55c040d6afd9fa3f98de73031167924928b30b1c2a7eab2b615f564a3e85a71134448c

  • SSDEEP

    768:ljqfc+ofoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+fc+xR4jaDtmiuqURq

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes
  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

Targets

    • Target

      1960-182-0x00000000005D0000-0x00000000005DE000-memory.dmp

    • Size

      56KB

    • MD5

      70b027e05c553042cdbf1a80c60306e9

    • SHA1

      6dc9c4a8d148dffd001f961f81c0efeb349eb578

    • SHA256

      ce908097153cf6f4ad172edff4f8d1ff8d63ffb6e38a31acb955ae60f0355848

    • SHA512

      614720a835af5a3af0413cf0b76da8f583af3717ffcb00245309febb7c55c040d6afd9fa3f98de73031167924928b30b1c2a7eab2b615f564a3e85a71134448c

    • SSDEEP

      768:ljqfc+ofoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+fc+xR4jaDtmiuqURq

    Score
    3/10