Overview

overview

10

Static

static

3

911bb31927...e4.exe

windows7-x64

10

911bb31927...e4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d18f3fecf6d28ddd0f4cf4a9b53c0aec.bin

  • Size

    126KB

  • Sample

    231008-cv1zvabh44

  • MD5

    27485588c7daba32246ad7b23f768a52

  • SHA1

    9ea42f58b8fceeae6a7187ae3c73198a320749a7

  • SHA256

    dfe00493276b4c31eb9d9f5766e6347a08d831ca55444fefa0132675be8f050f

  • SHA512

    be79cdfd4d102485859bd739be45d47acf88b51502e47145c2f478520a71ab06dab5e5a6323bcf5733335729618aac8b0c8e4e0fc5411d201b2dc136eabe2fe8

  • SSDEEP

    3072:9qsvkWZwftpjITaXD6EFL/8+cw+KtZiwrh6w6fYK0:EGt+tp76ExKQZFrEffe

Score
10/10
gozi5050bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      911bb31927c7250b4741063159cccf6549e4a28ce6b0a5043d3392c7fce401e4.exe

    • Size

      274KB

    • MD5

      d18f3fecf6d28ddd0f4cf4a9b53c0aec

    • SHA1

      05263b9ec69fcf48cc71443ba23545fabe21df12

    • SHA256

      911bb31927c7250b4741063159cccf6549e4a28ce6b0a5043d3392c7fce401e4

    • SHA512

      4629ce7f35716bd2c0fc3c14104251c6b2f3eaf07f7b35cf181654d6bc9be85bda6cb6f802b00f98c6bbb446db4790940605dcf8f8d6391282281ac029ff0512

    • SSDEEP

      3072:utyJSwPI9F4BwVVO+kjH4wjyIphvo3ZDivScpBaa4l8QU:iyrPa4BI7wuIphg3ZDi6cnA8Q

    Score
    10/10
    gozi5050bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks