Overview

overview

10

Static

static

10

gozi.dll

windows7-x64

1

gozi.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gozi.payload-disk

  • Size

    44KB

  • Sample

    231003-n5l48acc96

  • MD5

    26070a48eb1faad0e33b807c344c1bd5

  • SHA1

    796ac98180cfa1c9c4d6a386231580cc84ece5c9

  • SHA256

    38d204259cd5c42aa842f6dc86c9a635c1afd8c5ea3054fceb029a81697c5cbf

  • SHA512

    37ab68747005cce3fc1049e6f614f999c1a9c228c9cf3586848dc2a6f5cb5f56528596be48074f41d813a1ee550dc172590c1a2c3be4f6967d35fe477b403217

  • SSDEEP

    768:XX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTyA:Xvrx/qp8OmwxfhyVxQlBdvW4eLOL7eXM

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

185.247.184.139

62.72.33.155

incontroler.com
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      44KB

    • MD5

      26070a48eb1faad0e33b807c344c1bd5

    • SHA1

      796ac98180cfa1c9c4d6a386231580cc84ece5c9

    • SHA256

      38d204259cd5c42aa842f6dc86c9a635c1afd8c5ea3054fceb029a81697c5cbf

    • SHA512

      37ab68747005cce3fc1049e6f614f999c1a9c228c9cf3586848dc2a6f5cb5f56528596be48074f41d813a1ee550dc172590c1a2c3be4f6967d35fe477b403217

    • SSDEEP

      768:XX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTyA:Xvrx/qp8OmwxfhyVxQlBdvW4eLOL7eXM

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks