gozi | 459715ab56c2aa1cc67f22b79dbb9f7340c04d78aeaec0435432b5a222178422 | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231011-n1cd8afb83
MD5

8a67b9d8a9961e78876f52cbe3cbb579
SHA1

e272e88f6acd4e6c82a3e23cad2dcb483802cc04
SHA256

459715ab56c2aa1cc67f22b79dbb9f7340c04d78aeaec0435432b5a222178422
SHA512

2687f4ed0b31d7660ea2d193092b25a523eefa867a2c5203798514f02641e1183a398dafab9cdde2a8bd3bc55c0bfee270cc088ffc217dd283fe04d432bca0bf
SSDEEP

768:uX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTykz:uvrx/qp8OmwxfhyVxQlBdvW4eLOL7eXO

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  8a67b9d8a9961e78876f52cbe3cbb579
- SHA1
  
  e272e88f6acd4e6c82a3e23cad2dcb483802cc04
- SHA256
  
  459715ab56c2aa1cc67f22b79dbb9f7340c04d78aeaec0435432b5a222178422
- SHA512
  
  2687f4ed0b31d7660ea2d193092b25a523eefa867a2c5203798514f02641e1183a398dafab9cdde2a8bd3bc55c0bfee270cc088ffc217dd283fe04d432bca0bf
- SSDEEP
  
  768:uX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTykz:uvrx/qp8OmwxfhyVxQlBdvW4eLOL7eXO
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2