General

  • Target

    scarica.exe

  • Size

    215KB

  • Sample

    231012-tpaddach84

  • MD5

    24b7a0d1103f1cd63d5c50a306c28a25

  • SHA1

    11a7929ac6e59f47c8c2f8d47e4fae752a0f70fc

  • SHA256

    4151f81469e5278e9381d10485efbe66e4ca5d8c2f863aa4c3df8e577dc96614

  • SHA512

    549d24fc6b00e0a62930712063b96318f8aa31e5cac5c870582b7a04d9716f87ca0291f6e51a3dfe1e943ea9ef9f6ec68d181a2b44879f6039c4014d18181e54

  • SSDEEP

    3072:aAX04aiteLTH/KeF6JLg6l8qtm0TzXDJaqzy7dU5TqSITtyl:P04FteLjyeF6WAQyTJzy7d+qSITk

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes

  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks