gozi | 48c773c90a7f3175484442364334b7a8e6a166dfa771170b2cd9a308f59b3345 | Triage

Sharing

General

Target

251573f0000.dll.exe
Size

244KB
Sample

231010-qt4agafg58
MD5

8ae1f37abcb4cf2341c01539f5c7c1f9
SHA1

9d180586d8f52f464fa63c6a6702669b0231cb8c
SHA256

48c773c90a7f3175484442364334b7a8e6a166dfa771170b2cd9a308f59b3345
SHA512

8cc9bfbf5b43c355f6dd64159ad982fa925daab56a9578cb370bbe33b9929db9bfbf8cd2486ec83fb9a406d0d912689cdf35768b7d7982dc94dbc7e5e551eee1
SSDEEP

6144:qX72v82Wldh1KeRFSbaWrxlsw1r5tz5G:qL2v8znYSSeWr4a

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

fotexion.com

Attributes

base_path
/pictures/
exe_type
worker
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  251573f0000.dll.exe
- Size
  
  244KB
- MD5
  
  8ae1f37abcb4cf2341c01539f5c7c1f9
- SHA1
  
  9d180586d8f52f464fa63c6a6702669b0231cb8c
- SHA256
  
  48c773c90a7f3175484442364334b7a8e6a166dfa771170b2cd9a308f59b3345
- SHA512
  
  8cc9bfbf5b43c355f6dd64159ad982fa925daab56a9578cb370bbe33b9929db9bfbf8cd2486ec83fb9a406d0d912689cdf35768b7d7982dc94dbc7e5e551eee1
- SSDEEP
  
  6144:qX72v82Wldh1KeRFSbaWrxlsw1r5tz5G:qL2v8znYSSeWr4a
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2