Analysis
-
max time kernel
141s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
12-10-2023 14:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
portfolio_JC.exe
Resource
win7-20230831-en
windows7-x64
1 signatures
150 seconds
General
-
Target
portfolio_JC.exe
-
Size
215KB
-
MD5
323ae1b1d1832e5d5c13ee6fbfe65a4d
-
SHA1
ee1f0aedbaacf442923aa03387759f334f04fea8
-
SHA256
9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29
-
SHA512
8cf35cc1a2d2919119c0511a5c5479bbcfa8a4e48a55bee2928c0acf28827a32585aaef5a246256eabfd6899bdfbe5fba238dfb84d5b87cd79aa791421fb275a
-
SSDEEP
6144:Qoj4vGLREu+64zIMHQRWsZA0Dlgd00Tk:QE2u+64NHqZAqlZ8
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
https://avas1ta.com/in/login/
192.121.22.216
http://mimemoa.com
Attributes
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain