Overview

overview

10

Static

static

10

2692-3-0x0...ry.exe

windows7-x64

1

2692-3-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2692-3-0x0000000000400000-0x000000000228B000-memory.dmp

  • Size

    30.5MB

  • Sample

    231006-1kf4paac94

  • MD5

    bc3de21cfbff2022e45c17df0321e49e

  • SHA1

    c9338558e0d60139fa41fa4b84303b111397b9d0

  • SHA256

    02a498b3522ab7b26e560e44c28b79fa42cff19d9dd06a4b377fea8138a13500

  • SHA512

    0b34486841d3df486f42dfd75b73823f878ac1e150eb1af249d3ac9501b614489204200875526266ce9e9c0b5c4f84196aeb2cce381d17c1c5fdbcf738b91465

  • SSDEEP

    3072:WrPI5jSu1/ZLaHZ5VYnurTtMjH4wjyIphvo3ZDivScpBaa4lfoU:mu1/ZLU7VYnuFTwuIphg3ZDi6cnAfo

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2692-3-0x0000000000400000-0x000000000228B000-memory.dmp

    • Size

      30.5MB

    • MD5

      bc3de21cfbff2022e45c17df0321e49e

    • SHA1

      c9338558e0d60139fa41fa4b84303b111397b9d0

    • SHA256

      02a498b3522ab7b26e560e44c28b79fa42cff19d9dd06a4b377fea8138a13500

    • SHA512

      0b34486841d3df486f42dfd75b73823f878ac1e150eb1af249d3ac9501b614489204200875526266ce9e9c0b5c4f84196aeb2cce381d17c1c5fdbcf738b91465

    • SSDEEP

      3072:WrPI5jSu1/ZLaHZ5VYnurTtMjH4wjyIphvo3ZDivScpBaa4lfoU:mu1/ZLU7VYnuFTwuIphg3ZDi6cnAfo

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks