gozi | 4d81a976dde8b2ce3f3af64769c3e674f51772456c53a6e30a9cc846300b75f6 | Triage

Sharing

General

Target

2800-2-0x0000000000400000-0x000000000044A000-memory.dmp
Size

296KB
Sample

231011-n6w1taff65
MD5

c52bf0a87e5f8135c79171bf2443b5ab
SHA1

b7d00ec99b0fd984847a108b651020a8e0f3cfb6
SHA256

4d81a976dde8b2ce3f3af64769c3e674f51772456c53a6e30a9cc846300b75f6
SHA512

cf5505f166f2f9657b20ae1dd4ac4ff2dad1188985bc3701525ee321a0851bd8e13a2097cf82c60352205486ff46e45b82090c632741dc23c2534049d033f8ee
SSDEEP

3072:KrPI5jSu1rtEPrYLubTXvSQjdz1dcDSQlgrrWX3Sy47n5cmdDVDopTWO:iu1rtEPr7fXvSggT4C3Swmd5YTj

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.28

146.19.233.250

46.8.19.158

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  2800-2-0x0000000000400000-0x000000000044A000-memory.dmp
- Size
  
  296KB
- MD5
  
  c52bf0a87e5f8135c79171bf2443b5ab
- SHA1
  
  b7d00ec99b0fd984847a108b651020a8e0f3cfb6
- SHA256
  
  4d81a976dde8b2ce3f3af64769c3e674f51772456c53a6e30a9cc846300b75f6
- SHA512
  
  cf5505f166f2f9657b20ae1dd4ac4ff2dad1188985bc3701525ee321a0851bd8e13a2097cf82c60352205486ff46e45b82090c632741dc23c2534049d033f8ee
- SSDEEP
  
  3072:KrPI5jSu1rtEPrYLubTXvSQjdz1dcDSQlgrrWX3Sy47n5cmdDVDopTWO:iu1rtEPr7fXvSggT4C3Swmd5YTj
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2