gozi | d01013d9dbc6f31b2ae3168b323780f8f9f88029c009e05a7b561f42440cf161 | Triage

Sharing

General

Target

77e7c5676e544d3ecb6d5fa9ebc634b8
Size

242KB
Sample

240126-vj8vesacc8
MD5

77e7c5676e544d3ecb6d5fa9ebc634b8
SHA1

7fa45db5ff7113461288f7576d0b69c0cc932a4e
SHA256

d01013d9dbc6f31b2ae3168b323780f8f9f88029c009e05a7b561f42440cf161
SHA512

bbeea4619f005eece5f76e78bcc63ec8b6b4558a9f694916533ebb7f42a9a9ffb937c084c7757f50b26293b5b38e153c811cbdfa3b629425b0c5a4478c1beaca
SSDEEP

6144:QrezMySF6ymJNNDgq2L4LlcwFhR2hMX/BWEWk4SiFr:Qrc4FxmJrr2LicwlcMX/BWEWCit

Score

10^/10

gozi 1500 isfb

Malware Config

Extracted

Family

gozi

Botnet

1500

C2

app.flashgameo.at

apr.intoolkom.at

r23cirt55ysvtdvl.onion

gtk5.variyan.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

free.monotreener.com

sam.notlaren.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  77e7c5676e544d3ecb6d5fa9ebc634b8
- Size
  
  242KB
- MD5
  
  77e7c5676e544d3ecb6d5fa9ebc634b8
- SHA1
  
  7fa45db5ff7113461288f7576d0b69c0cc932a4e
- SHA256
  
  d01013d9dbc6f31b2ae3168b323780f8f9f88029c009e05a7b561f42440cf161
- SHA512
  
  bbeea4619f005eece5f76e78bcc63ec8b6b4558a9f694916533ebb7f42a9a9ffb937c084c7757f50b26293b5b38e153c811cbdfa3b629425b0c5a4478c1beaca
- SSDEEP
  
  6144:QrezMySF6ymJNNDgq2L4LlcwFhR2hMX/BWEWk4SiFr:Qrc4FxmJrr2LicwlcMX/BWEWCit
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2