gozi | aadcee060caf3a796ad2e5ee06606088b6c78d28514bce4168a07b50484ead96 | Triage

Sharing

General

Target

2536-54-0x0000000000180000-0x000000000018E000-memory.dmp
Size

56KB
Sample

230718-vagpksdb8t
MD5

11cecf9bff85aae6127e9e3f3302b98c
SHA1

7a1cbca32be47e5c02377ffb026bd7fd1287676e
SHA256

aadcee060caf3a796ad2e5ee06606088b6c78d28514bce4168a07b50484ead96
SHA512

2195834105f2f1fdda47463e1e280f217b5f328dc2f538e4d0afe778613cb19004908741895a5051510dcf91700bb6e2fe24a7b74469b123dc40fec636b166d8
SSDEEP

768:A2GElOP0uEfnJRPBfxe4NOvDyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:oE4/EfnJRZZe4q3V0ecfcWvYEOU/UDG

Score

10^/10

gozi 20000 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  2536-54-0x0000000000180000-0x000000000018E000-memory.dmp
- Size
  
  56KB
- MD5
  
  11cecf9bff85aae6127e9e3f3302b98c
- SHA1
  
  7a1cbca32be47e5c02377ffb026bd7fd1287676e
- SHA256
  
  aadcee060caf3a796ad2e5ee06606088b6c78d28514bce4168a07b50484ead96
- SHA512
  
  2195834105f2f1fdda47463e1e280f217b5f328dc2f538e4d0afe778613cb19004908741895a5051510dcf91700bb6e2fe24a7b74469b123dc40fec636b166d8
- SSDEEP
  
  768:A2GElOP0uEfnJRPBfxe4NOvDyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:oE4/EfnJRZZe4q3V0ecfcWvYEOU/UDG
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2