Overview

overview

10

Static

static

10

2256-3-0x0...ry.exe

windows7-x64

1

2256-3-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2256-3-0x0000000000400000-0x000000000228F000-memory.dmp

  • Size

    30.6MB

  • Sample

    231011-n3z83afd68

  • MD5

    7f958f04b1b0ad445790386627a5ddd2

  • SHA1

    3b694da6acabcaf29c24491d6ebeb72b275c250d

  • SHA256

    db92cf037165549f00e0ab05a9ae2e7a0b720261638b84301b948209d43a8bda

  • SHA512

    e81c89e85c3251e09b2e4cff8761ed5d3b834d11bc6a7b20019124293fecf91cb6c85ec10d264876244118db2fac839c5a2a8d86e383bc92be22fcbcc0a4b9cb

  • SSDEEP

    3072:WrPI5jSu1ZZLaHZ5VYnurTt/nZAsaA6eRESzHxHH3zt8l7Mjd1X0ot:mu1ZZLU7VYnuF/ZdaAnEqHxn3R82X0o

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2256-3-0x0000000000400000-0x000000000228F000-memory.dmp

    • Size

      30.6MB

    • MD5

      7f958f04b1b0ad445790386627a5ddd2

    • SHA1

      3b694da6acabcaf29c24491d6ebeb72b275c250d

    • SHA256

      db92cf037165549f00e0ab05a9ae2e7a0b720261638b84301b948209d43a8bda

    • SHA512

      e81c89e85c3251e09b2e4cff8761ed5d3b834d11bc6a7b20019124293fecf91cb6c85ec10d264876244118db2fac839c5a2a8d86e383bc92be22fcbcc0a4b9cb

    • SSDEEP

      3072:WrPI5jSu1ZZLaHZ5VYnurTt/nZAsaA6eRESzHxHH3zt8l7Mjd1X0ot:mu1ZZLU7VYnuF/ZdaAnEqHxn3R82X0o

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks