gozi | 40c31397d385fcf832140ea15596888ac9aea840f274597f5f7443c31a841325 | Triage

Sharing

General

Target

1244-181-0x00000000006D0000-0x00000000006DE000-memory.dmp
Size

56KB
Sample

230217-gwyckadf3y
MD5

e6608de47c6263d80c5a78003b2aa6c4
SHA1

f3b909d1341359cb42a50f7f3a68854c947b93fc
SHA256

40c31397d385fcf832140ea15596888ac9aea840f274597f5f7443c31a841325
SHA512

7afde783c0273b869ffe4716e13fea371602f087703d70f79a28aea458676f96734d5a75803fd940952d7c7236e1d5d00c094d5ddd5b76beb3edc6f7622fe474
SSDEEP

768:lw66vcedjooR4jInhpp55dWSlkiidEfUPJqBQPt04:lw7vceLR4jaDtmiuqURq

Score

10^/10

gozi 1001 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1244-181-0x00000000006D0000-0x00000000006DE000-memory.dmp
- Size
  
  56KB
- MD5
  
  e6608de47c6263d80c5a78003b2aa6c4
- SHA1
  
  f3b909d1341359cb42a50f7f3a68854c947b93fc
- SHA256
  
  40c31397d385fcf832140ea15596888ac9aea840f274597f5f7443c31a841325
- SHA512
  
  7afde783c0273b869ffe4716e13fea371602f087703d70f79a28aea458676f96734d5a75803fd940952d7c7236e1d5d00c094d5ddd5b76beb3edc6f7622fe474
- SSDEEP
  
  768:lw66vcedjooR4jInhpp55dWSlkiidEfUPJqBQPt04:lw7vceLR4jaDtmiuqURq
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2