Overview

overview

10

Static

static

10

2744-22-0x...ry.exe

windows7-x64

1

2744-22-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2744-22-0x0000000000400000-0x000000000228B000-memory.dmp

  • Size

    30.5MB

  • Sample

    231011-a8khxabe45

  • MD5

    6d9ef1fa6d64fd6133fc0a162e5d46b3

  • SHA1

    1b6e2e2af466f82d0a1b1046b2da607a0f2bcf3d

  • SHA256

    0b45242fa21ad4e5ee8821e73cdbef0b4419a123240f5e469ebc6f776b70ee7c

  • SHA512

    6299e2194a6e1e4177f01334ee7b39a35bfa5c0225d1f9e72741ee21bfe10ca71dc0be5145065d80e324dd283a36e610d75967f61f88293d39efe4e26949222b

  • SSDEEP

    3072:WrPI5jSu1VZLaHZ5VYnurTtMjH4wjyIphvo3ZDivScpBaa4l76U:mu1VZLU7VYnuFTwuIphg3ZDi6cnA76

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2744-22-0x0000000000400000-0x000000000228B000-memory.dmp

    • Size

      30.5MB

    • MD5

      6d9ef1fa6d64fd6133fc0a162e5d46b3

    • SHA1

      1b6e2e2af466f82d0a1b1046b2da607a0f2bcf3d

    • SHA256

      0b45242fa21ad4e5ee8821e73cdbef0b4419a123240f5e469ebc6f776b70ee7c

    • SHA512

      6299e2194a6e1e4177f01334ee7b39a35bfa5c0225d1f9e72741ee21bfe10ca71dc0be5145065d80e324dd283a36e610d75967f61f88293d39efe4e26949222b

    • SSDEEP

      3072:WrPI5jSu1VZLaHZ5VYnurTtMjH4wjyIphvo3ZDivScpBaa4l76U:mu1VZLU7VYnuFTwuIphg3ZDi6cnA76

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks