gozi | 9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231005-tpjxtacd7z
MD5

658528593229c2d7099caedc3221b274
SHA1

cc5bc4d4a46f7287be2adc306963ff9c435d9da6
SHA256

9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e
SHA512

7d9803e761740a2d28a061bdce439b47cdd30ec804cbf9ade2dff6ba363cd9414f4eab740c0cf82cabc5cc7c9f03b294beb39fe822273eff9ba098b41e7a5055
SSDEEP

768:wX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTymr:wvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  658528593229c2d7099caedc3221b274
- SHA1
  
  cc5bc4d4a46f7287be2adc306963ff9c435d9da6
- SHA256
  
  9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e
- SHA512
  
  7d9803e761740a2d28a061bdce439b47cdd30ec804cbf9ade2dff6ba363cd9414f4eab740c0cf82cabc5cc7c9f03b294beb39fe822273eff9ba098b41e7a5055
- SSDEEP
  
  768:wX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTymr:wvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2