General

  • Target

    decode_5d598e3afe8736c96f6d2cc0a6509b12e9fc15d45afc070e7e9d5bd68946335e.exe

  • Size

    36KB

  • Sample

    230329-te21msgh83

  • MD5

    1f6822f8aab6189e0f9db8d6f820d9af

  • SHA1

    ffdbf44ae5db43c5210c5ef00b2b2d8192053dae

  • SHA256

    f84e0c6d7877be866064dd176f832737ae9cd04901913185c8e525efdcb9ee2e

  • SHA512

    10d878887fc7780b308469329d976eb6e6d033decad57bb23fd2fff8437e41ab7005d6e537b6b61526f1a99b743d5545ca3c6b22b0f28490eaf7c7c5340b08b3

  • SSDEEP

    768:gKbMPv5JLi5yOyV34OB9bl5n+iRjn9P1avZa9Bmr1h097mI5:g4MHLLi5pyt5+0zavZangX097m

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1900

C2

tel12.msn.com

194.76.225.60

185.212.47.133

Attributes

  • base_path

    /doorway/

  • build

    250249

  • exe_type

    loader

  • extension

    .drr

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      decode_5d598e3afe8736c96f6d2cc0a6509b12e9fc15d45afc070e7e9d5bd68946335e.exe

    • Size

      36KB

    • MD5

      1f6822f8aab6189e0f9db8d6f820d9af

    • SHA1

      ffdbf44ae5db43c5210c5ef00b2b2d8192053dae

    • SHA256

      f84e0c6d7877be866064dd176f832737ae9cd04901913185c8e525efdcb9ee2e

    • SHA512

      10d878887fc7780b308469329d976eb6e6d033decad57bb23fd2fff8437e41ab7005d6e537b6b61526f1a99b743d5545ca3c6b22b0f28490eaf7c7c5340b08b3

    • SSDEEP

      768:gKbMPv5JLi5yOyV34OB9bl5n+iRjn9P1avZa9Bmr1h097mI5:g4MHLLi5pyt5+0zavZangX097m

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks