General

  • Target

    1476-175-0x00000000007F0000-0x00000000007FE000-memory.dmp

  • Size

    56KB

  • Sample

    230217-jkknfaed23

  • MD5

    5bd62e5885e8399dcbad3dedde07a7ec

  • SHA1

    b323d3a063f01c26770fb95b9d422f60e0103dc2

  • SHA256

    e4b9e72a34275209d85ed6b7caf1c3215ffec38a059059b30c91b67178d15eaf

  • SHA512

    0baa3a6746398540bb238543e787e306a605c12f778a7fddf8a23c59961c0860b3d2d977bf7da1edbe40e0d1e5f1b92dd40d18e12a68c27846c57e3a7308bd92

  • SSDEEP

    768:pFIVgW9QoR4jInhpp55dWSlkiidEfUPJqBQPt04:pKVgWPR4jaDtmiuqURq

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1476-175-0x00000000007F0000-0x00000000007FE000-memory.dmp

    • Size

      56KB

    • MD5

      5bd62e5885e8399dcbad3dedde07a7ec

    • SHA1

      b323d3a063f01c26770fb95b9d422f60e0103dc2

    • SHA256

      e4b9e72a34275209d85ed6b7caf1c3215ffec38a059059b30c91b67178d15eaf

    • SHA512

      0baa3a6746398540bb238543e787e306a605c12f778a7fddf8a23c59961c0860b3d2d977bf7da1edbe40e0d1e5f1b92dd40d18e12a68c27846c57e3a7308bd92

    • SSDEEP

      768:pFIVgW9QoR4jInhpp55dWSlkiidEfUPJqBQPt04:pKVgWPR4jaDtmiuqURq

    Score
    3/10

MITRE ATT&CK Matrix

Tasks