gozi | 65f2c346360885ba94a31c06f1c28458b47ad281fd43be209db7895bd15f64dc | Triage

Sharing

General

Target

3864-181-0x0000000000DD0000-0x0000000000DDE000-memory.dmp
Size

56KB
Sample

230217-qha5jsfa61
MD5

0aa1b97a38d9aff7ff9b957415a4dd3a
SHA1

51f6323653a7e0513bba540cb9d0360766631e35
SHA256

65f2c346360885ba94a31c06f1c28458b47ad281fd43be209db7895bd15f64dc
SHA512

7ba7975ee0de2eebb5068854ba41312fc74c85e876257a81d7c9a15d2d2f3bb81b03cf5d2e38ea187af9158d3bb51ad645e5bffd42d4e268197b1ff3d55c4f92
SSDEEP

768:Sojqfc+CjkoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+fc+MR4jaDtmiuqURq

Score

10^/10

gozi 1001 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3864-181-0x0000000000DD0000-0x0000000000DDE000-memory.dmp
- Size
  
  56KB
- MD5
  
  0aa1b97a38d9aff7ff9b957415a4dd3a
- SHA1
  
  51f6323653a7e0513bba540cb9d0360766631e35
- SHA256
  
  65f2c346360885ba94a31c06f1c28458b47ad281fd43be209db7895bd15f64dc
- SHA512
  
  7ba7975ee0de2eebb5068854ba41312fc74c85e876257a81d7c9a15d2d2f3bb81b03cf5d2e38ea187af9158d3bb51ad645e5bffd42d4e268197b1ff3d55c4f92
- SSDEEP
  
  768:Sojqfc+CjkoR4jInhpp55dWSlkiidEfUPJqBQPt04:l+fc+MR4jaDtmiuqURq
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2