General

  • Target

    gozi.payload-disk

  • Size

    44KB

  • Sample

    230718-td4svacf9y

  • MD5

    11c0de1cdcea1a09b2efc5dc09937d5a

  • SHA1

    d0ee6ae27bb8bae0ce00d513e46b4397bd3794ef

  • SHA256

    dd29faad8271ceff200418996a1300d5b6b4355d4fe4b0d482189f0d49d67f07

  • SHA512

    c11b56e57605b29b60bb70a854bee0dc18ff922c6f520850bb7d501cfa74328bd5fa84f88e962275e9c09591d71a52940ce96629b7cc72cea364b2146128168c

  • SSDEEP

    768:Se4VA4MDErUNxWZSTcOlPyG9UGQhVS5sBm8HeDqzL7gpbBPABRFy9oTyb:Se5BmKxWZSplPyG9UGgVS5AHeD2L78oO

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes
  • base_path

    /zerotohero/

  • build

    250260

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      44KB

    • MD5

      11c0de1cdcea1a09b2efc5dc09937d5a

    • SHA1

      d0ee6ae27bb8bae0ce00d513e46b4397bd3794ef

    • SHA256

      dd29faad8271ceff200418996a1300d5b6b4355d4fe4b0d482189f0d49d67f07

    • SHA512

      c11b56e57605b29b60bb70a854bee0dc18ff922c6f520850bb7d501cfa74328bd5fa84f88e962275e9c09591d71a52940ce96629b7cc72cea364b2146128168c

    • SSDEEP

      768:Se4VA4MDErUNxWZSTcOlPyG9UGQhVS5sBm8HeDqzL7gpbBPABRFy9oTyb:Se5BmKxWZSplPyG9UGgVS5AHeD2L78oO

    Score
    1/10
