General

  • Target

    4132-204-0x0000000000F90000-0x0000000000F9E000-memory.dmp

  • Size

    56KB

  • Sample

    230217-m9dg7sfb42

  • MD5

    f8521c47828867a923577a006d294b99

  • SHA1

    6ba5142173980f19f77b36e91cd6709a5c1fefc6

  • SHA256

    f570d65e6192afc148013dcc295a711c05e44e5ab045b51fb72e9ba682aabb5a

  • SHA512

    cbcdfac7500ccc5e00d9e213d535796f93845484a97e32f4c0951131881718885497bc24160f4359530130964ce89c838c9f91ee587dae1490702a8d208adade

  • SSDEEP

    768:kecAmTc2kaoR4jInhpp55dWSlkiidEfUPJqBQPt04:FcFTc2iR4jaDtmiuqURq

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

  • base_path

    /microsoft/

  • build

    250256

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      4132-204-0x0000000000F90000-0x0000000000F9E000-memory.dmp

    • Size

      56KB

    • MD5

      f8521c47828867a923577a006d294b99

    • SHA1

      6ba5142173980f19f77b36e91cd6709a5c1fefc6

    • SHA256

      f570d65e6192afc148013dcc295a711c05e44e5ab045b51fb72e9ba682aabb5a

    • SHA512

      cbcdfac7500ccc5e00d9e213d535796f93845484a97e32f4c0951131881718885497bc24160f4359530130964ce89c838c9f91ee587dae1490702a8d208adade

    • SSDEEP

      768:kecAmTc2kaoR4jInhpp55dWSlkiidEfUPJqBQPt04:FcFTc2iR4jaDtmiuqURq

    Score
    3/10

MITRE ATT&CK Matrix

Tasks