Overview

overview

10

Static

static

3

cb652995b0...ff.dll

windows7-x64

10

cb652995b0...ff.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12122960167.zip

  • Size

    140KB

  • Sample

    231002-p42zqace59

  • MD5

    83f523f78267fef004ad1494ce4104e0

  • SHA1

    95412ddfae651131f7021b3527df2fa21ff56d9b

  • SHA256

    5cc3089e6115e50b2b1182b5789124c3d8386e7525eab3946984ff79ce47ff23

  • SHA512

    2fe476cb9af827e264a599f07a639ed9434fe6ab24fa869cd5208171e27729991664b1803b1f456e3dcdc8ea1a616b959d426073bec4e0855720953e8b8616c6

  • SSDEEP

    3072:Mhb2JermS8zV7LW++JbrlQxpNI3YfdHUunHxDOPZKjxnQul:MMJeGzxLwJtWPII1nDOPYiul

Score
10/10
gozi5050bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.204
Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      cb652995b061a5269f7e4f51a01c2282108c307fcddd043a0d8ceae29c795cff

    • Size

      241KB

    • MD5

      6a8250fc42834f3ee7923c6fbc419296

    • SHA1

      01a8b47f3690f09665f5624bda8ec733234dd526

    • SHA256

      cb652995b061a5269f7e4f51a01c2282108c307fcddd043a0d8ceae29c795cff

    • SHA512

      67e7b9366d0d6e3754f501f341b820556a3dd2cc4288c1c56ff0b12285104a1d45a534f7af37bdf42ab5d843eab8b68e7fbc7d5b3233d784c6d59cf3791802e8

    • SSDEEP

      6144:hwBleesZTUgRttGQn0yf5tk3Etd9F4veS:sge6aQZ5tLIe

    Score
    10/10
    gozi5050bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks