Overview

overview

10

Static

static

10

0da1e85be9...bd.exe

windows7-x64

10

0da1e85be9...bd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11716758656.zip

  • Size

    32KB

  • Sample

    230905-xdk8aaae97

  • MD5

    d408bece00dc82feb435e6bc3332db1c

  • SHA1

    0d2083b18e685146ef76bfbea55aad7d0ee475db

  • SHA256

    a074ccc56db54a7850a9297747f3e0ab1fece4c29e88d6e141a6c555d4ce8e1e

  • SHA512

    5df29105f5676650b662a5caf6c186ba8ee8d89b0492529f3ee772f5f8150d90414428110eb8c5600ed5c7a699f45473b302013778c553c1ac04df5e9cbc26bd

  • SSDEEP

    768:xEXjQ6MoFKeeYuAM9wjz5uptfQR/yMtqitZzwIKvN45xot:KTVbt/uAMZI1witZct0at

Score
10/10
gozi40000bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

40000

C2

lentaphoto.at

iujdhsndjfks.ru

gameindikdowd.ru

jhgfdlkjhaoiu.su
Attributes
  • base_path

    /uploaded/

  • build

    250249

  • exe_type

    loader

  • extension

    .pct

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      0da1e85be9a2965c12fda89ccc5a73e454935f7b5363b9c90922a1941498fbbd

    • Size

      36KB

    • MD5

      ac395c8be88881a95d4c5b56f15c8a9a

    • SHA1

      1a2908ed7ae6c4ea2b97ac9bf971620f41992817

    • SHA256

      0da1e85be9a2965c12fda89ccc5a73e454935f7b5363b9c90922a1941498fbbd

    • SHA512

      a9fa692247a040da3168d2bbb79290a609d60e65b0419bfd7a41faea0ee2eb13230551f8f0739c758ddc2d253b19499dbcba1b4e9715657692e215791440a20d

    • SSDEEP

      768:qKbMPv5JLyy+yV34OB9bl5n+iRjn9P1avZa9Bmr1h097mI5Q:q4MHLLyJyt5+0zavZangX097mr

    Score
    10/10
    gozi40000bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks