General

  • Target

    95b5482d12c92ac94f18fe25764cde5d

  • Size

    223KB

  • Sample

    240211-31fh7sef48

  • MD5

    95b5482d12c92ac94f18fe25764cde5d

  • SHA1

    98dc5dcbadfdccf46d1934c1f14015cec146dae7

  • SHA256

    de2d82210220e186b6fc0ae8347ea3d4184c13418ef0e4454c3f9d3fd64c7642

  • SHA512

    8153152310ffa2a159d8992b7c298799295ed9c259076021734a75a41b3838fa7c97dfa66b848e050cb347e79d3f61cdd65cf9a6b039fc2f09e74f06be06ac47

  • SSDEEP

    6144:dHExb7VwvtKNbnvSxYNiyf+D3LuDXy5xHQ:Kxb5wvtKRvSxY0G+D7urkQ

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

Attributes
  • base_path

    /images/

  • dga_season

    10

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    worker

  • extension

    .avi

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      95b5482d12c92ac94f18fe25764cde5d

    Score
    1/10
