General

  • Target

    d792dabb7157f376a349132ff6e74d50

  • Size

    203KB

  • Sample

    231222-sqb3xsahh8

  • MD5

    d792dabb7157f376a349132ff6e74d50

  • SHA1

    dfc32566ca8469332519cf2bd0d913fdb3ceb699

  • SHA256

    3015f526fa6de20c4203ea89b26a067ae768b78e04ba373da8de33cf50494fb2

  • SHA512

    1160bd6fcc6715ed374c9b4e663c72bdc3fb3ec032c80cc159c8d02d700f8d8c9ee4be1975a92a8197f3cb5e7d49209195fc675c6d08a5d39622d3f7cf047cab

  • SSDEEP

    3072:6gji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:66dp4uPZzGonqXGXh0bluBc4GZ5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks