Overview

overview

10

Static

static

10

gozi.dll

windows7-x64

1

gozi.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gozi.payload-disk

  • Size

    44KB

  • Sample

    231003-g5ab4aae92

  • MD5

    e4d7022dd404d610aed136c89d826e19

  • SHA1

    7b85aeed0504c0eb2e81ef347b11a0670e6f9001

  • SHA256

    d795d0781dc3387a557bd4307d14e00a9ae6d9ac4f4dd833abc4bbd390600a46

  • SHA512

    28c1967d0b881193e2bbe13029efbe00ee5c68dcdc09796dc6dbb7d5c0ef21d5bd2c4f57503af269c3642a5eb04cca88e96d88bc7902dab9b52ad3935b498418

  • SSDEEP

    768:kX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:kvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

46.8.210.250

31.41.44.9

185.247.184.139

62.72.33.155
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      44KB

    • MD5

      e4d7022dd404d610aed136c89d826e19

    • SHA1

      7b85aeed0504c0eb2e81ef347b11a0670e6f9001

    • SHA256

      d795d0781dc3387a557bd4307d14e00a9ae6d9ac4f4dd833abc4bbd390600a46

    • SHA512

      28c1967d0b881193e2bbe13029efbe00ee5c68dcdc09796dc6dbb7d5c0ef21d5bd2c4f57503af269c3642a5eb04cca88e96d88bc7902dab9b52ad3935b498418

    • SSDEEP

      768:kX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:kvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks