Analysis
-
max time kernel
143s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
07-03-2023 21:55
General
-
Target
required documents-85515212/documents3.exe
-
Size
674.4MB
-
MD5
e99b40631894b96eecebc1a476550691
-
SHA1
f0e6f67e727da0b8b83e8240f62b530e72222cc3
-
SHA256
1c55958b80f2064080a93d114397ce0e88b94cbcf0ed15fb98bccdc070046a54
-
SHA512
a7c4714cbf37f4a0ba8120ceacd576fac5e9bfed5d25f7eca65e27518d680f60b3eefd7b426a3a391640e64effcaff77e3cf4a3fe9c67425a3ba6ab1f7fb6427
-
SSDEEP
12288:O2FKUnggYedaoWBDXIEUYOgG7fnEW+rvAA2uxQFHAxW:O0ggVazrBU7vEBY4KFHL
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
20000
C2
https://checklistg.google.com
http://185.189.151.250
https://edge14.microsoft.com
http://45.11.181.117
Attributes
-
base_path
/binaries/
-
build
250255
-
exe_type
loader
-
extension
.ato
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
Processes
-
C:\Users\Admin\AppData\Local\Temp\required documents-85515212\documents3.exe"C:\Users\Admin\AppData\Local\Temp\required documents-85515212\documents3.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1336-54-0x0000000000400000-0x0000000000485000-memory.dmpFilesize
532KB
-
memory/1336-55-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB
-
memory/1336-56-0x0000000000400000-0x0000000000485000-memory.dmpFilesize
532KB
-
memory/1336-57-0x0000000000400000-0x0000000000485000-memory.dmpFilesize
532KB
-
memory/1336-58-0x0000000000400000-0x0000000000485000-memory.dmpFilesize
532KB
-
memory/1336-59-0x0000000000400000-0x0000000000485000-memory.dmpFilesize
532KB
-
memory/1336-60-0x00000000003D0000-0x00000000003DD000-memory.dmpFilesize
52KB
-
memory/1336-63-0x0000000000400000-0x0000000000485000-memory.dmpFilesize
532KB