Overview

overview

10

Static

static

10

1260-5-0x0...ry.exe

windows7-x64

1260-5-0x0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1260-5-0x0000000000400000-0x000000000040F000-memory.dmp

  • Size

    60KB

  • Sample

    231010-d2388ace65

  • MD5

    49e3641cf09cd7dc5c72c5ee48c76e1c

  • SHA1

    e9c19f598bfddd1187ca53d8c42ad3189934255e

  • SHA256

    f6ddc4cbdf5413be6521839a0d37e41c0d2ef339c13ef9007608abcf9ed615bf

  • SHA512

    50983b011dd38c51d6c355069ff9b55f50a50dab8aab682fb3bf578eec473eed1edd45ddbad400fe585a39dd572b14b0461678448fe029d8103f93aaf49d2d33

  • SSDEEP

    768:KA3rPI5jShpW1vYwlZlyh8Kl7aQixYgxYJmv0NHY7lbI+gFfp:Z3rPI5jSu1tZliVJaf3C7YJI+ufp

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

http://iextrawebty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1260-5-0x0000000000400000-0x000000000040F000-memory.dmp

    • Size

      60KB

    • MD5

      49e3641cf09cd7dc5c72c5ee48c76e1c

    • SHA1

      e9c19f598bfddd1187ca53d8c42ad3189934255e

    • SHA256

      f6ddc4cbdf5413be6521839a0d37e41c0d2ef339c13ef9007608abcf9ed615bf

    • SHA512

      50983b011dd38c51d6c355069ff9b55f50a50dab8aab682fb3bf578eec473eed1edd45ddbad400fe585a39dd572b14b0461678448fe029d8103f93aaf49d2d33

    • SSDEEP

      768:KA3rPI5jShpW1vYwlZlyh8Kl7aQixYgxYJmv0NHY7lbI+gFfp:Z3rPI5jSu1tZliVJaf3C7YJI+ufp

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks