General

  • Target

    217f3f9501dd5b67d1d389bbc8818f54

  • Size

    222KB

  • Sample

    231231-am97fadegj

  • MD5

    217f3f9501dd5b67d1d389bbc8818f54

  • SHA1

    c7041b835ee73f55e9a2ee6911363bd11d373808

  • SHA256

    6ebbfd8814613f8417993908a92b75bccfa8218ec48b84499b2774c27418fc63

  • SHA512

    3ed840f71432a7ab8bad57b8ad673c9995bfbbede7ab795baaca599e9b1f672e6617497ecb1919bad7a44cbb70629c0826f41492a9b10363a322e018b0f72481

  • SSDEEP

    6144:/HExb7VwvtKNbnvSxYNiyf+D3LumIy5o5H:cxb5wvtKRvSxY0G+D7uXN

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

4474

C2

lycos.com

mail.yahoo.com

193.56.255.251

193.56.255.250

193.56.255.249

numolerunosell.online

gumolerunosell.online

rumolerunosell.online

Attributes
  • base_path

    /images/

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    worker

  • extension

    .avi

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
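The extracted config above gives everything needed for a first-pass network IOC match: the C2 hosts and IPs, the beacon path prefix (base_path) and the beacon file extension (extension). The script below is an added example written for this page, not part of the Triage report or of any Gozi tooling. It assumes a simple constructed proxy-log format (timestamp, source IP, method, URL, status) and treats a URI as beacon-shaped when it starts with base_path and ends with extension; that shape check is an assumption derived from the config fields, since the page does not document the actual Gozi request encoding. Two entries in the C2 list, lycos.com and mail.yahoo.com, are well-known public services, so a bare hit on them is treated as low confidence unless the URI also matches.

```python
"""Network IOC matcher built from the extracted Gozi config on this report.

Added example, not code from the report. Log format and sample lines are
constructed for illustration. The beacon URI shape (base_path prefix plus
extension suffix) is an assumption, not a documented Gozi beacon format.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section.
C2_HOSTS = {
    "lycos.com", "mail.yahoo.com",
    "193.56.255.251", "193.56.255.250", "193.56.255.249",
    "numolerunosell.online", "gumolerunosell.online", "rumolerunosell.online",
}
BASE_PATH = "/images/"   # attribute base_path
EXTENSION = ".avi"       # attribute extension
SAMPLE_SHA256 = "6ebbfd8814613f8417993908a92b75bccfa8218ec48b84499b2774c27418fc63"

# Public services listed among the C2 hosts: ordinary traffic to them is common,
# so they are only high confidence when the URI also looks like a beacon
# (analyst assumption, not stated on the report).
LOW_CONFIDENCE_HOSTS = {"lycos.com", "mail.yahoo.com"}

# Constructed log format: "<ts> <src-ip> <METHOD> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    host: str
    path: str
    confidence: str  # "high" or "low"


def split_url(url):
    """Return (hostname, path) for a URL; hostname is lower-cased by urlsplit."""
    parts = urlsplit(url)
    return parts.hostname or "", parts.path


def classify(host, path):
    """Return 'high', 'low' or None for a request to host/path."""
    if host not in C2_HOSTS:
        return None
    beacon_shaped = path.startswith(BASE_PATH) and path.endswith(EXTENSION)
    if host in LOW_CONFIDENCE_HOSTS and not beacon_shaped:
        return "low"
    # Dedicated C2 infrastructure, or a public host with a beacon-shaped URI.
    return "high"


def scan(lines):
    """Scan proxy log lines and return Hit records for matches, in order."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        host, path = split_url(m["url"])
        conf = classify(host, path)
        if conf:
            hits.append(Hit(m["ts"], m["src"], host, path, conf))
    return hits


# Constructed proxy log lines (not captured traffic).
SAMPLE_LOG = [
    "2023-12-31T10:15:01Z 10.0.0.5 GET http://193.56.255.251/images/Q2FsbGJhY2s.avi 200",
    "2023-12-31T10:15:03Z 10.0.0.5 GET https://mail.yahoo.com/ 200",
    "2023-12-31T10:15:07Z 10.0.0.9 GET http://numolerunosell.online/images/abc/def.avi 404",
    "2023-12-31T10:16:00Z 10.0.0.7 GET https://example.org/images/logo.avi 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The example.org line shows why the host set is checked first: a beacon-shaped path alone is not an indicator, since /images/ and .avi are ordinary on the web. Conversely the three dedicated IPs and the three .online domains are high confidence on any path, because the report ties them to this sample's config rather than to a shared public service.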

Targets

    • Target

      217f3f9501dd5b67d1d389bbc8818f54

    • Size

      222KB

    • MD5

      217f3f9501dd5b67d1d389bbc8818f54

    • SHA1

      c7041b835ee73f55e9a2ee6911363bd11d373808

    • SHA256

      6ebbfd8814613f8417993908a92b75bccfa8218ec48b84499b2774c27418fc63

    • SHA512

      3ed840f71432a7ab8bad57b8ad673c9995bfbbede7ab795baaca599e9b1f672e6617497ecb1919bad7a44cbb70629c0826f41492a9b10363a322e018b0f72481

    • SSDEEP

      6144:/HExb7VwvtKNbnvSxYNiyf+D3LumIy5o5H:cxb5wvtKRvSxY0G+D7uXN

    Score
    1/10
