gozi | cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c | Triage

Sharing

General

Target

6b645497a72175e510164553e888443b
Size

64KB
Sample

240120-y8jhlsgea6
MD5

6b645497a72175e510164553e888443b
SHA1

55c6c5b81b35713fd833cc934b9be80d378d67b7
SHA256

cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c
SHA512

896b39ebfc5f21f3762292fdebd264ffad05ecad023d0b24c243d54f358be43abbf97eb2c2ceddaaa5b41a1e7da1218fdb2a4d44accd25fc66151d730c74a54d
SSDEEP

768:e/MqAiv8x/jkl/UagT8OCyyGAfp/SZjGjCfaURLgujh/S+enjOTKIzoCtwznW:aMqAJY23T8fDGAx/Sm0guFKQvzNiznW

Score

10^/10

gozi 8877 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

outlook.com

zaluoa.live

daskdjknefjkewfnkjwe.net

Attributes

base_path
/jkloop/
build
250207
dga_season
10
exe_type
loader
extension
.kre
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6b645497a72175e510164553e888443b
- Size
  
  64KB
- MD5
  
  6b645497a72175e510164553e888443b
- SHA1
  
  55c6c5b81b35713fd833cc934b9be80d378d67b7
- SHA256
  
  cc35beb3f7b5fd6a38b1775f110f9ab527c90f3cf6e76b02e074dc2954955a4c
- SHA512
  
  896b39ebfc5f21f3762292fdebd264ffad05ecad023d0b24c243d54f358be43abbf97eb2c2ceddaaa5b41a1e7da1218fdb2a4d44accd25fc66151d730c74a54d
- SSDEEP
  
  768:e/MqAiv8x/jkl/UagT8OCyyGAfp/SZjGjCfaURLgujh/S+enjOTKIzoCtwznW:aMqAJY23T8fDGAx/Sm0guFKQvzNiznW
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2