General

  • Target

    gozi.payload-disk

  • Size

    44KB

  • Sample

    231005-tpjxtacd7z

  • MD5

    658528593229c2d7099caedc3221b274

  • SHA1

    cc5bc4d4a46f7287be2adc306963ff9c435d9da6

  • SHA256

    9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e

  • SHA512

    7d9803e761740a2d28a061bdce439b47cdd30ec804cbf9ade2dff6ba363cd9414f4eab740c0cf82cabc5cc7c9f03b294beb39fe822273eff9ba098b41e7a5055

  • SSDEEP

    768:wX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTymr:wvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes

  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

  • Target

    gozi.payload-disk

  • Size

    44KB

  • MD5

    658528593229c2d7099caedc3221b274

  • SHA1

    cc5bc4d4a46f7287be2adc306963ff9c435d9da6

  • SHA256

    9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e

  • SHA512

    7d9803e761740a2d28a061bdce439b47cdd30ec804cbf9ade2dff6ba363cd9414f4eab740c0cf82cabc5cc7c9f03b294beb39fe822273eff9ba098b41e7a5055

  • SSDEEP

    768:wX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTymr:wvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score
1/10

MITRE ATT&CK Matrix

Tasks