gozi | d795d0781dc3387a557bd4307d14e00a9ae6d9ac4f4dd833abc4bbd390600a46 | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231003-g5ab4aae92
MD5

e4d7022dd404d610aed136c89d826e19
SHA1

7b85aeed0504c0eb2e81ef347b11a0670e6f9001
SHA256

d795d0781dc3387a557bd4307d14e00a9ae6d9ac4f4dd833abc4bbd390600a46
SHA512

28c1967d0b881193e2bbe13029efbe00ee5c68dcdc09796dc6dbb7d5c0ef21d5bd2c4f57503af269c3642a5eb04cca88e96d88bc7902dab9b52ad3935b498418
SSDEEP

768:kX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:kvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

46.8.210.250

31.41.44.9

185.247.184.139

62.72.33.155

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  e4d7022dd404d610aed136c89d826e19
- SHA1
  
  7b85aeed0504c0eb2e81ef347b11a0670e6f9001
- SHA256
  
  d795d0781dc3387a557bd4307d14e00a9ae6d9ac4f4dd833abc4bbd390600a46
- SHA512
  
  28c1967d0b881193e2bbe13029efbe00ee5c68dcdc09796dc6dbb7d5c0ef21d5bd2c4f57503af269c3642a5eb04cca88e96d88bc7902dab9b52ad3935b498418
- SSDEEP
  
  768:kX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:kvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2