Overview

overview

10

Static

static

10

2208-2-0x0...ry.exe

windows7-x64

1

2208-2-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2208-2-0x0000000000400000-0x000000000044A000-memory.dmp

  • Size

    296KB

  • Sample

    231011-pcr1fagc84

  • MD5

    9bd06516d10888af5534ea79bd503f3b

  • SHA1

    f6e07434b045517463dbd196cfe55ccf2ae46c87

  • SHA256

    0482eb4e004b89930aa8c9b7cdff80dc3c587804318943d8e7b14f8bc7664ff2

  • SHA512

    eed42ab1d51fc25c13519ca1560b78f9b970008fa5eb60c57ba2e81048256e83ed81e9aafa49c4c8ac5dceb67fe5005418d41abe7f0b5c2c725bc07a7ffcda53

  • SSDEEP

    3072:KrPI5jSu1htEPrYLubT19V3A/zwsWPAwyPa5KQJVvZkShn5cbrXzTLLm:iu1htEPr7f1XmzYAwyPaocRkSQb3TO

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.28

146.19.233.250

46.8.19.158
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2208-2-0x0000000000400000-0x000000000044A000-memory.dmp

    • Size

      296KB

    • MD5

      9bd06516d10888af5534ea79bd503f3b

    • SHA1

      f6e07434b045517463dbd196cfe55ccf2ae46c87

    • SHA256

      0482eb4e004b89930aa8c9b7cdff80dc3c587804318943d8e7b14f8bc7664ff2

    • SHA512

      eed42ab1d51fc25c13519ca1560b78f9b970008fa5eb60c57ba2e81048256e83ed81e9aafa49c4c8ac5dceb67fe5005418d41abe7f0b5c2c725bc07a7ffcda53

    • SSDEEP

      3072:KrPI5jSu1htEPrYLubT19V3A/zwsWPAwyPa5KQJVvZkShn5cbrXzTLLm:iu1htEPr7f1XmzYAwyPaocRkSQb3TO

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks