gozi | 17bc4a9ae4fb31afa2d08995ff00d21faf66154b406d0505c65667c49e49e8f0 | Triage

Sharing

General

Target

gozi.payload-disk
Size

44KB
Sample

231012-t22cmabe5x
MD5

503fd118bd1aeef9d3b3f2cf9f34556a
SHA1

f0f57c917bf4805f3dda820a7263ac797402caa6
SHA256

17bc4a9ae4fb31afa2d08995ff00d21faf66154b406d0505c65667c49e49e8f0
SHA512

5abd2498e95b4d4276edc1babffe77bf7a7dc7ad3d1ef44ac351c722b2b3225a11a016cb7f9e6f306437aaf5cf2720a0f90f1fb53e9aa896b1572e7e574769b0
SSDEEP

768:XX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Xvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

10^/10

gozi 5050 isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  gozi.payload-disk
- Size
  
  44KB
- MD5
  
  503fd118bd1aeef9d3b3f2cf9f34556a
- SHA1
  
  f0f57c917bf4805f3dda820a7263ac797402caa6
- SHA256
  
  17bc4a9ae4fb31afa2d08995ff00d21faf66154b406d0505c65667c49e49e8f0
- SHA512
  
  5abd2498e95b4d4276edc1babffe77bf7a7dc7ad3d1ef44ac351c722b2b3225a11a016cb7f9e6f306437aaf5cf2720a0f90f1fb53e9aa896b1572e7e574769b0
- SSDEEP
  
  768:XX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Xvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2