General

  • Target

    038ec883e88a6bd5c8d463d0fd83c63f

  • Size

    223KB

  • Sample

    231229-zkk7zaffap

  • MD5

    038ec883e88a6bd5c8d463d0fd83c63f

  • SHA1

    691362d6ed6f2d1c585c5f58eb102e2680a7604b

  • SHA256

    19d751d21d2767150e79258084727da36cc2203ccfb79a66d9973b8ea5c3f862

  • SHA512

    f1d2a3c8472991ce1900b63905803abe62f019f22e4b94c81d8e02665264aedf573cf8b9ae9c6af0644b46512c62c89acaff51f699bb3715c9e2ca0b45bdec36

  • SSDEEP

    6144:dHExb7VwvtKNbnvSxYNiyf+D3LuDXy5aHQ:Kxb5wvtKRvSxY0G+D7urTQ

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2


Attributes
  • base_path

    /images/

  • dga_season

    10

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    worker

  • extension

    .avi

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      038ec883e88a6bd5c8d463d0fd83c63f

    • Size

      223KB


    Score
    1/10
