Overview

overview

10

Static

static

10

1276-174-0...ry.exe

windows7-x64

1

1276-174-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1276-174-0x0000000000D50000-0x0000000000D5E000-memory.dmp

  • Size

    56KB

  • Sample

    230217-gxbj7adf3z

  • MD5

    0de4dd66f2862098b4754acd98409aed

  • SHA1

    e61b9623459b3fe7bd4c2d43ae68ebe0130fe59a

  • SHA256

    0433a68e69dae355656c251407212bb28512e43136ad7914a8fddd7f632f38af

  • SHA512

    00589415b1732b8fe2eaa4bb9cedf78ad9aa56210739cfe6cb58ba1ec3a16f57e8ac3ddb23981220bde6361919b918a348a1d1ec1ead998a33a0ba3b45b2a468

  • SSDEEP

    768:lLSnMOVhoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+nMOER4jaDtmiuqURq

Score
10/10
gozi1001isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158
Attributes
  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1276-174-0x0000000000D50000-0x0000000000D5E000-memory.dmp

    • Size

      56KB

    • MD5

      0de4dd66f2862098b4754acd98409aed

    • SHA1

      e61b9623459b3fe7bd4c2d43ae68ebe0130fe59a

    • SHA256

      0433a68e69dae355656c251407212bb28512e43136ad7914a8fddd7f632f38af

    • SHA512

      00589415b1732b8fe2eaa4bb9cedf78ad9aa56210739cfe6cb58ba1ec3a16f57e8ac3ddb23981220bde6361919b918a348a1d1ec1ead998a33a0ba3b45b2a468

    • SSDEEP

      768:lLSnMOVhoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+nMOER4jaDtmiuqURq

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks