General

  • Target

    1952-59-0x00000000001E0000-0x00000000001EE000-memory.dmp

  • Size

    56KB

  • Sample

    240302-qszkwseb37

  • MD5

    20d889ae2202754fee222d6034882b64

  • SHA1

    2bc2dc094318745e08e2aff6eaf3c353adb9a8e0

  • SHA256

    7ba39f029d890293c58f21f6815552a03fc0a269b53d8408be8d8154d032239e

  • SHA512

    bf51af449e7fff64e93cb94e8c57b80fb2a66b8ea06a079d04bb1bb1816fc0bbf27ad0a1e327876e7168f5a461a6e8c20779c814718e0fbf6fa51ddfec0ead51

  • SSDEEP

    768:A2KWv+A0ERCvtyC5PLHBjderMpEvpZi7/kMPWq9aky77XTm9:MWvF0ER2d5zHzeApsnI/eZDLI

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

157.254.195.117

91.215.85.151

Attributes

  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      1952-59-0x00000000001E0000-0x00000000001EE000-memory.dmp

    • Size

      56KB

    • MD5

      20d889ae2202754fee222d6034882b64

    • SHA1

      2bc2dc094318745e08e2aff6eaf3c353adb9a8e0

    • SHA256

      7ba39f029d890293c58f21f6815552a03fc0a269b53d8408be8d8154d032239e

    • SHA512

      bf51af449e7fff64e93cb94e8c57b80fb2a66b8ea06a079d04bb1bb1816fc0bbf27ad0a1e327876e7168f5a461a6e8c20779c814718e0fbf6fa51ddfec0ead51

    • SSDEEP

      768:A2KWv+A0ERCvtyC5PLHBjderMpEvpZi7/kMPWq9aky77XTm9:MWvF0ER2d5zHzeApsnI/eZDLI

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Query Registry: T1012 (2)

    Peripheral Device Discovery: T1120 (1)

    System Information Discovery: T1082 (2)

Tasks