General

  • Target

    1732-54-0x0000000000400000-0x0000000000475000-memory.dmp

  • Size

    468KB

  • Sample

    230302-14qr8sef4x

  • MD5

    1205b56ff14adcb366bf275b6fada386

  • SHA1

    7bf5e2a6dced5eba5b3022532b5462005e162c19

  • SHA256

    f6bc7a4d37e4978d5ff9fe31aa9ed51f0e513a3dc96b40d09c0adbf50380ab88

  • SHA512

    7fbe3824ef4819d22c130ec727b76055d1baa17be189343009f490d2aca462217f64e6f96a8535629dd6bcaeddfaf148e5096e39d221ae8b46c4149f4617e839

  • SSDEEP

    768:9gYKd2Ujrh3ylofuFr8dluSHUv1oxU/Zom87E4fHA4sj3Me5l7UDo+rCfty:9fKdpROrFr4DU6x2JE3Q1lUnrmy

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

https://checklistg.google.com

http://185.189.151.250

https://edge14.microsoft.com

http://45.11.181.117

Attributes
  • base_path

    /binaries/

  • build

    250255

  • exe_type

    loader

  • extension

    .ato

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1732-54-0x0000000000400000-0x0000000000475000-memory.dmp

    • Size

      468KB

    • MD5

      1205b56ff14adcb366bf275b6fada386

    • SHA1

      7bf5e2a6dced5eba5b3022532b5462005e162c19

    • SHA256

      f6bc7a4d37e4978d5ff9fe31aa9ed51f0e513a3dc96b40d09c0adbf50380ab88

    • SHA512

      7fbe3824ef4819d22c130ec727b76055d1baa17be189343009f490d2aca462217f64e6f96a8535629dd6bcaeddfaf148e5096e39d221ae8b46c4149f4617e839

    • SSDEEP

      768:9gYKd2Ujrh3ylofuFr8dluSHUv1oxU/Zom87E4fHA4sj3Me5l7UDo+rCfty:9fKdpROrFr4DU6x2JE3Q1lUnrmy

    Score
    3/10
