Overview

overview

10

Static

static

10

320-2-0x00...ry.exe

windows7-x64

1

320-2-0x00...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    320-2-0x0000000000400000-0x000000000228F000-memory.dmp

  • Size

    30.6MB

  • Sample

    231011-lchj8aff93

  • MD5

    2b630efbe7c14b5cfc89b4863fef2459

  • SHA1

    cfb48661b8bdfbc0ee9b6490ed436bc8e64e6010

  • SHA256

    bbc3521fc489abf0b62621adcc8d34b86d6a06c8668719ca6394f703432cbe01

  • SHA512

    788c5a5c81d5068af8f3fe1adaa0e0fe28f878940da86e7c880753961922404680e631e762de9ef94fd7ee419b9a3b48d02593a234c11255e4f2ca75b3e7524b

  • SSDEEP

    3072:WrPI5jSu1kZLaHZ5VYnurTt9epeDNbuSTTNG9AMY8q4LCvr4cot:mu1kZLU7VYnuF9epeZTNG+MTasco

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      320-2-0x0000000000400000-0x000000000228F000-memory.dmp

    • Size

      30.6MB

    • MD5

      2b630efbe7c14b5cfc89b4863fef2459

    • SHA1

      cfb48661b8bdfbc0ee9b6490ed436bc8e64e6010

    • SHA256

      bbc3521fc489abf0b62621adcc8d34b86d6a06c8668719ca6394f703432cbe01

    • SHA512

      788c5a5c81d5068af8f3fe1adaa0e0fe28f878940da86e7c880753961922404680e631e762de9ef94fd7ee419b9a3b48d02593a234c11255e4f2ca75b3e7524b

    • SSDEEP

      3072:WrPI5jSu1kZLaHZ5VYnurTt9epeDNbuSTTNG9AMY8q4LCvr4cot:mu1kZLU7VYnuF9epeZTNG+MTasco

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks