gozi | 4dd191ca0a4057956c09e115e686a75eba6088cc7625cb9beb82a243f5c852ad | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231010-kvsmgaec96
MD5

72ae8ea863e8b4786b520794f00bf083
SHA1

edbc7be3475549ad482c0ce227e6af512872b6e9
SHA256

4dd191ca0a4057956c09e115e686a75eba6088cc7625cb9beb82a243f5c852ad
SHA512

afbffedbc38493c5fe2f713786af91ba7d12737c88b0453a24ba2df3761af454d0a7351ffeed3ebafe9ce80dbef206de5474b6a545a115f3914138a4db9d584e
SSDEEP

768:/X/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTyUP:/vrx/qp8OmwxfhyVxQlBdvW4eLOL7eXa

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

193.203.162.14

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  72ae8ea863e8b4786b520794f00bf083
- SHA1
  
  edbc7be3475549ad482c0ce227e6af512872b6e9
- SHA256
  
  4dd191ca0a4057956c09e115e686a75eba6088cc7625cb9beb82a243f5c852ad
- SHA512
  
  afbffedbc38493c5fe2f713786af91ba7d12737c88b0453a24ba2df3761af454d0a7351ffeed3ebafe9ce80dbef206de5474b6a545a115f3914138a4db9d584e
- SSDEEP
  
  768:/X/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTyUP:/vrx/qp8OmwxfhyVxQlBdvW4eLOL7eXa
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2