Overview

overview

10

Static

static

10

2600-19-0x...ry.exe

windows7-x64

1

2600-19-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2600-19-0x0000000000400000-0x000000000228F000-memory.dmp

  • Size

    30.6MB

  • Sample

    231010-wzvs6shf34

  • MD5

    fcfdd5335ff299856bc1470b997d391f

  • SHA1

    d0749c03790f11f6a8dcbc180b33a03c260f03e0

  • SHA256

    c7851fbc13eee867c939b47b5b618e467c748c1e2ce200450cb7dde8da88001f

  • SHA512

    edc56cc0b7adc72506d1a2ddf7fa55daeef2fe57a88a6123ae8ab29950b70f77121420576d0c4d0fd39596395cdc1a735911d1ba312bcb3cf3f02409ece95224

  • SSDEEP

    3072:WrPI5jSu10ZLaHZ5VYnurTt/nZAsaA6eRESzHxHH3zt8l7Mjd1s0ot:mu10ZLU7VYnuF/ZdaAnEqHxn3R82s0o

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2600-19-0x0000000000400000-0x000000000228F000-memory.dmp

    • Size

      30.6MB

    • MD5

      fcfdd5335ff299856bc1470b997d391f

    • SHA1

      d0749c03790f11f6a8dcbc180b33a03c260f03e0

    • SHA256

      c7851fbc13eee867c939b47b5b618e467c748c1e2ce200450cb7dde8da88001f

    • SHA512

      edc56cc0b7adc72506d1a2ddf7fa55daeef2fe57a88a6123ae8ab29950b70f77121420576d0c4d0fd39596395cdc1a735911d1ba312bcb3cf3f02409ece95224

    • SSDEEP

      3072:WrPI5jSu10ZLaHZ5VYnurTt/nZAsaA6eRESzHxHH3zt8l7Mjd1s0ot:mu10ZLU7VYnuF/ZdaAnEqHxn3R82s0o

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks