gozi | 0123e9c445f558d6af0b8eaea786f7b429a4195a0ec1f3e56bf5bd42f4ca075d | Triage

Sharing

General

Target

4948-145-0x0000000002740000-0x000000000274E000-memory.dmp
Size

56KB
Sample

230718-vebn5acd78
MD5

3c881154f90736ea3c69a9e0ab01cd85
SHA1

899a1eb85f4ac78fe625268cf4bbef95e82ada3f
SHA256

0123e9c445f558d6af0b8eaea786f7b429a4195a0ec1f3e56bf5bd42f4ca075d
SHA512

97ec4ad9bafe8be0ec9f3a5e4ecd68259c636775effe7861412b7855c20df330c808b099518e5d63be3649bed440c7e2898c60642caf21ae3b0b20947b6bc78d
SSDEEP

768:A2gGoxu8EfnJhZn96vSyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:GGifEfnJhTx3V0ecfcWvYEOU/UDG

Score

10^/10

gozi 20000 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4948-145-0x0000000002740000-0x000000000274E000-memory.dmp
- Size
  
  56KB
- MD5
  
  3c881154f90736ea3c69a9e0ab01cd85
- SHA1
  
  899a1eb85f4ac78fe625268cf4bbef95e82ada3f
- SHA256
  
  0123e9c445f558d6af0b8eaea786f7b429a4195a0ec1f3e56bf5bd42f4ca075d
- SHA512
  
  97ec4ad9bafe8be0ec9f3a5e4ecd68259c636775effe7861412b7855c20df330c808b099518e5d63be3649bed440c7e2898c60642caf21ae3b0b20947b6bc78d
- SSDEEP
  
  768:A2gGoxu8EfnJhZn96vSyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:GGifEfnJhTx3V0ecfcWvYEOU/UDG
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2