Overview

overview

10

Static

static

10

2404-55-0x...ry.dll

windows7-x64

3

2404-55-0x...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2404-55-0x0000000000230000-0x000000000023E000-memory.dmp

  • Size

    56KB

  • Sample

    230718-tb58wscf7z

  • MD5

    8d7bcc418f02d713b6d39a89789675f7

  • SHA1

    224c61743655877a453460c67082f11e22596517

  • SHA256

    8060a0679a1526518f0388691c1c208f2960e111a0dba7923f33f5f49809bc5e

  • SHA512

    d9e46cdad89c3031b85e6f96a7b5315e62a7fc1ed18d8053ac2a2c7da978dc155c6210479005ccfee065e2078456084250fb33ec79814a1c531f88b10b8080ff

  • SSDEEP

    768:A25MqIovHEfnJpegJzviyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:3MqH/EfnJpJW3V0ecfcWvYEOU/UDG

Score
10/10
gozi20000isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91
Attributes
  • base_path

    /zerotohero/

  • build

    250260

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2404-55-0x0000000000230000-0x000000000023E000-memory.dmp

    • Size

      56KB

    • MD5

      8d7bcc418f02d713b6d39a89789675f7

    • SHA1

      224c61743655877a453460c67082f11e22596517

    • SHA256

      8060a0679a1526518f0388691c1c208f2960e111a0dba7923f33f5f49809bc5e

    • SHA512

      d9e46cdad89c3031b85e6f96a7b5315e62a7fc1ed18d8053ac2a2c7da978dc155c6210479005ccfee065e2078456084250fb33ec79814a1c531f88b10b8080ff

    • SSDEEP

      768:A25MqIovHEfnJpegJzviyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:3MqH/EfnJpJW3V0ecfcWvYEOU/UDG

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks