General

  • Target: 01b8ce7ce0fef1d9076cee432752d4000661072f8e963676765ef05468f58645.dll
  • Size: 613KB
  • Sample: 230329-mr9gxsfh64
  • MD5: 3a22a2c97642ebdd1658f28610ef784c
  • SHA1: 8ed9f3204c7f1234d2f8e3bf6d4736d87e2460d7
  • SHA256: 01b8ce7ce0fef1d9076cee432752d4000661072f8e963676765ef05468f58645
  • SHA512: e0ef46c3bf358c0618adaa8c124548ae646c1e9121a6194a08fca2ddb850edd21b9a389e81402d08e2c2a92d66ad8a60b214f10f79e6b809a02a464e9b195479
  • SSDEEP: 12288:+0UQoMETWK5TpM7vBzCpgbiH4tDjwnQmcWG5Tms:sQoMETWK5Te79CpgbiH4xjwnWW5s

Malware Config

Extracted

  • Family: gozi
  • Botnet: 5050
  • C2: https://config.edge.skype.com
  • C2: 91.215.85.186

Attributes

  • base_path: /jerry/
  • build: 250255
  • exe_type: loader
  • extension: .bob
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

    • Gozi: Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks