gozi | c0d7e8fdc01774859e64b3bf827cefa7800391db0b8fe52028ea738182f18ad4 | Triage

Sharing

General

Target

4bd3b41d373e85a5478838040fc56f50
Size

54KB
Sample

240108-s6sqlscgfl
MD5

4bd3b41d373e85a5478838040fc56f50
SHA1

d11b606daf2f2909320afc672797372683c1362e
SHA256

c0d7e8fdc01774859e64b3bf827cefa7800391db0b8fe52028ea738182f18ad4
SHA512

8f88346f6ee4b706ccddb46e60190d4b29d0318d5d6ae517a61bf4ccb03cb0e77c11f7691d437af12603c75ddcce80202efddabebde17bf96e95e32eb0be072f
SSDEEP

1536:81EAiXqlalXCloEQc1g6m6W6xVKV4OQrnP:81EAiXqlalGoEnqCPs4OQj

Score

10^/10

gozi 1001 isfb

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

update1.avast.com

zilbon.ws

update2.avira.com

lumpet.co

emerald.ws

ferroun.in

Attributes

base_path
/sreamble/
build
250207
dga_season
10
exe_type
loader
extension
.sre
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4bd3b41d373e85a5478838040fc56f50
- Size
  
  54KB
- MD5
  
  4bd3b41d373e85a5478838040fc56f50
- SHA1
  
  d11b606daf2f2909320afc672797372683c1362e
- SHA256
  
  c0d7e8fdc01774859e64b3bf827cefa7800391db0b8fe52028ea738182f18ad4
- SHA512
  
  8f88346f6ee4b706ccddb46e60190d4b29d0318d5d6ae517a61bf4ccb03cb0e77c11f7691d437af12603c75ddcce80202efddabebde17bf96e95e32eb0be072f
- SSDEEP
  
  1536:81EAiXqlalXCloEQc1g6m6W6xVKV4OQrnP:81EAiXqlalGoEnqCPs4OQj
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2