Overview

overview

10

Static

static

10

3496-5-0x0...ry.exe

windows7-x64

3496-5-0x0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3496-5-0x0000000000400000-0x000000000040F000-memory.dmp

  • Size

    60KB

  • Sample

    231001-ekl42sac95

  • MD5

    baa2b43a743b1e8ec926df133f92c5fe

  • SHA1

    ddc47fd0f7dc9c258c532368def681929a7e05d8

  • SHA256

    279dd5c808ada0c8757c8e70f32d11d0281204c80fe518db27ee4ea43dc0572c

  • SHA512

    640bd2653452f281aeab3af71d18b678f2bb364381bb9f7ff2c1f3f651d07002f8a2557442299e754cb043a13b85aaf839a453146f4280dd94cbca8e4d82742b

  • SSDEEP

    768:iA3rPI5jShpW1v12wlZjyY8Kl7aQixYgxYJmv0NHY7lbjNltdX20JC:B3rPI5jSu1xZjLVJaf3C7YJj3HG0JC

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

netsecurez.com

whofoxy.com

mimemoa.com

ntcgo.com
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      3496-5-0x0000000000400000-0x000000000040F000-memory.dmp

    • Size

      60KB

    • MD5

      baa2b43a743b1e8ec926df133f92c5fe

    • SHA1

      ddc47fd0f7dc9c258c532368def681929a7e05d8

    • SHA256

      279dd5c808ada0c8757c8e70f32d11d0281204c80fe518db27ee4ea43dc0572c

    • SHA512

      640bd2653452f281aeab3af71d18b678f2bb364381bb9f7ff2c1f3f651d07002f8a2557442299e754cb043a13b85aaf839a453146f4280dd94cbca8e4d82742b

    • SSDEEP

      768:iA3rPI5jShpW1v12wlZjyY8Kl7aQixYgxYJmv0NHY7lbjNltdX20JC:B3rPI5jSu1xZjLVJaf3C7YJj3HG0JC

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks