gozi | 3caf9004f4ec8f9a06bf32c69742055693cbcf14a94a5920e5dbe8330d910a9a | Triage

Sharing

General

Target

4624-153-0x0000000000840000-0x000000000084E000-memory.dmp
Size

56KB
Sample

230217-tl9dasfg3s
MD5

b1110ffd54fdce0ceb1e5c94023e8457
SHA1

f20fa2015e9b758fb07bb7a08073f6693ba224d6
SHA256

3caf9004f4ec8f9a06bf32c69742055693cbcf14a94a5920e5dbe8330d910a9a
SHA512

eb0f744e4c649da6cdd05b20103ddc44d320a7df0e218f23463e8d28737c6703a76087eafa942b0ab53f0c0b8f7ba63865d8a1a377f1f9076a887cf7f714b0d7
SSDEEP

768:h3fWnKyBqcddLoR4jInhpp55dWSlkiidEfUPJqBQPt04:hPyKy8cwR4jaDtmiuqURq

Score

10^/10

gozi 1001 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4624-153-0x0000000000840000-0x000000000084E000-memory.dmp
- Size
  
  56KB
- MD5
  
  b1110ffd54fdce0ceb1e5c94023e8457
- SHA1
  
  f20fa2015e9b758fb07bb7a08073f6693ba224d6
- SHA256
  
  3caf9004f4ec8f9a06bf32c69742055693cbcf14a94a5920e5dbe8330d910a9a
- SHA512
  
  eb0f744e4c649da6cdd05b20103ddc44d320a7df0e218f23463e8d28737c6703a76087eafa942b0ab53f0c0b8f7ba63865d8a1a377f1f9076a887cf7f714b0d7
- SSDEEP
  
  768:h3fWnKyBqcddLoR4jInhpp55dWSlkiidEfUPJqBQPt04:hPyKy8cwR4jaDtmiuqURq
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2