gozi | 48d140203d5a798f8d5e3139471b5fb52eba5b08e28ff7be9d268fda0fe1929e | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231009-rb8mxafd38
MD5

9058668c5247e2f56f2b248531de5b00
SHA1

2f00dc8edf5a63dad0032760abdf16fb7be17df3
SHA256

48d140203d5a798f8d5e3139471b5fb52eba5b08e28ff7be9d268fda0fe1929e
SHA512

4c199ac76f2c73c268648e0c90011f2e484088bb948d88105cb47170cb40c731d05f95196ca9daa1f2c29a895574dd2ab8f586dc6c2eebe52e3fc691e765ede0
SSDEEP

768:Ye4VA4MDErUNxWZSTcOlPyG9UGQhVS5sBm8HeDqzL7gpbBPABRFy9oTy:Ye5BmKxWZSplPyG9UGgVS5AHeD2L78oO

Score

10^/10

gozi 222001 isfb

Malware Config

Extracted

Family

gozi

Botnet

222001

C2

http://45.155.249.170

https://listwhfidte.check3.yaho1o.com

http://94.247.42.215

https://lisfwhidte.ch2eck.yaheoo.com

http://91.242.217.120

https://liset.ched3ck.bi1ng.com

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  9058668c5247e2f56f2b248531de5b00
- SHA1
  
  2f00dc8edf5a63dad0032760abdf16fb7be17df3
- SHA256
  
  48d140203d5a798f8d5e3139471b5fb52eba5b08e28ff7be9d268fda0fe1929e
- SHA512
  
  4c199ac76f2c73c268648e0c90011f2e484088bb948d88105cb47170cb40c731d05f95196ca9daa1f2c29a895574dd2ab8f586dc6c2eebe52e3fc691e765ede0
- SSDEEP
  
  768:Ye4VA4MDErUNxWZSTcOlPyG9UGQhVS5sBm8HeDqzL7gpbBPABRFy9oTy:Ye5BmKxWZSplPyG9UGgVS5AHeD2L78oO
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2