Overview

overview

10

Static

static

10

2380-2-0x0...ry.exe

windows7-x64

1

2380-2-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2380-2-0x0000000000400000-0x0000000000450000-memory.dmp

  • Size

    320KB

  • Sample

    231011-nl1s9sca4v

  • MD5

    cb84f1af480b49710af07752b8328369

  • SHA1

    da868095720a4d71ec9206fca949d2c60070d90c

  • SHA256

    e0c078e615686a772bb6aaceec307380dd48515f1731b5516600f67b72aa8a87

  • SHA512

    26dc8e64124baf518598783f179ac96cf6abcfbf73c80461d1bd6916044d60a9d5db4ed18c8619d2dee0fc46d28a4226c62364417fbe8f1c9222e8bda7100611

  • SSDEEP

    6144:uu1P5RGJr5ffE31kwsQODpAkVyakH7lWMxNTf:3nwTf8lDsQsVyaOR5

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

netsecurez.com

whofoxy.com

mimemoa.com

ntcgo.com
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2380-2-0x0000000000400000-0x0000000000450000-memory.dmp

    • Size

      320KB

    • MD5

      cb84f1af480b49710af07752b8328369

    • SHA1

      da868095720a4d71ec9206fca949d2c60070d90c

    • SHA256

      e0c078e615686a772bb6aaceec307380dd48515f1731b5516600f67b72aa8a87

    • SHA512

      26dc8e64124baf518598783f179ac96cf6abcfbf73c80461d1bd6916044d60a9d5db4ed18c8619d2dee0fc46d28a4226c62364417fbe8f1c9222e8bda7100611

    • SSDEEP

      6144:uu1P5RGJr5ffE31kwsQODpAkVyakH7lWMxNTf:3nwTf8lDsQsVyaOR5

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks