Overview

overview

10

Static

static

3

archivio.exe

windows7-x64

10

archivio.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    archivio.exe

  • Size

    292KB

  • Sample

    231010-qgm3qadf8z

  • MD5

    6673269e3b97f985eaf7b1c94711eb21

  • SHA1

    9b5b5cc56b2a70e0e438f2d4b5cd212c5d42e877

  • SHA256

    84fd08c94c4bc99da0aeb4fecf9bc31f91bd52d4a6869e0e57f0acc9345e832d

  • SHA512

    940d015795829dd839a4a01c69379ac3a7e0f2e592fd3d9349dbd5d1b3e7718a907ad34fe451d848a4865e6f5506c0c38739384f43be8f4922abb873c6be8a0a

  • SSDEEP

    3072:WqB8/hdys87dQEMRoIwi6C6VmOrAMfby4zMOMQuh/a4:22f7daR+iyXJzMsu

Score
10/10
gozi5050bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

45.93.139.24

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      archivio.exe

    • Size

      292KB

    • MD5

      6673269e3b97f985eaf7b1c94711eb21

    • SHA1

      9b5b5cc56b2a70e0e438f2d4b5cd212c5d42e877

    • SHA256

      84fd08c94c4bc99da0aeb4fecf9bc31f91bd52d4a6869e0e57f0acc9345e832d

    • SHA512

      940d015795829dd839a4a01c69379ac3a7e0f2e592fd3d9349dbd5d1b3e7718a907ad34fe451d848a4865e6f5506c0c38739384f43be8f4922abb873c6be8a0a

    • SSDEEP

      3072:WqB8/hdys87dQEMRoIwi6C6VmOrAMfby4zMOMQuh/a4:22f7daR+iyXJzMsu

    Score
    10/10
    gozi5050bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks