Overview

overview

10

Static

static

10

2104-2-0x0...ry.exe

windows7-x64

1

2104-2-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2104-2-0x0000000000400000-0x000000000044A000-memory.dmp

  • Size

    296KB

  • Sample

    231011-n6vgzsff63

  • MD5

    813b8439f48b0581f3e97f33e2dd63aa

  • SHA1

    497ea47ee6c2c1b179b0d33d09a09d5d09eb7430

  • SHA256

    f11310615c3edb6fe985c23f34a24363f01e8d3e64cd1d1ca1b86d98a4b1b302

  • SHA512

    87e1afdba33916ac0101ced1e16306846bb92679deb11dde6e3643bde119971e4c3b77116566e9623bfb0c1c56e0ced39dc3333798d51abf2118ae98b8ed429c

  • SSDEEP

    3072:KrPI5jSu1ytEPrYLubTXvSQjdz1dcDSQlgrrWX3Sy47n5cg2DVDopTWO:iu1ytEPr7fXvSggT4C3Swg25YTj

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.28

146.19.233.250

46.8.19.158
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2104-2-0x0000000000400000-0x000000000044A000-memory.dmp

    • Size

      296KB

    • MD5

      813b8439f48b0581f3e97f33e2dd63aa

    • SHA1

      497ea47ee6c2c1b179b0d33d09a09d5d09eb7430

    • SHA256

      f11310615c3edb6fe985c23f34a24363f01e8d3e64cd1d1ca1b86d98a4b1b302

    • SHA512

      87e1afdba33916ac0101ced1e16306846bb92679deb11dde6e3643bde119971e4c3b77116566e9623bfb0c1c56e0ced39dc3333798d51abf2118ae98b8ed429c

    • SSDEEP

      3072:KrPI5jSu1ytEPrYLubTXvSQjdz1dcDSQlgrrWX3Sy47n5cg2DVDopTWO:iu1ytEPr7fXvSggT4C3Swg25YTj

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks