gozi | 580a6bccc51030cef877b8ac00ef6f9be7369a01bca7698c29c5cd1abe3f1990 | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231010-ngy4wada61
MD5

8b61f8e62b18781430b85d62c4d705b7
SHA1

1f5a45bf2905ee0d10607a6cf59a98168a995a2a
SHA256

580a6bccc51030cef877b8ac00ef6f9be7369a01bca7698c29c5cd1abe3f1990
SHA512

650f13ae83009b586f66d1009784006260368dde1ca50377aa7175d1162b45dc18fb66cbabf7848c735029b27a71e70aebc37f7c551ddd58540d1a34f41501b6
SSDEEP

768:TX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Tvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

45.93.139.24

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  8b61f8e62b18781430b85d62c4d705b7
- SHA1
  
  1f5a45bf2905ee0d10607a6cf59a98168a995a2a
- SHA256
  
  580a6bccc51030cef877b8ac00ef6f9be7369a01bca7698c29c5cd1abe3f1990
- SHA512
  
  650f13ae83009b586f66d1009784006260368dde1ca50377aa7175d1162b45dc18fb66cbabf7848c735029b27a71e70aebc37f7c551ddd58540d1a34f41501b6
- SSDEEP
  
  768:TX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Tvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2