Overview

overview

10

Static

static

10

1416-58-0x...ry.dll

windows7-x64

1

1416-58-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1416-58-0x00000000001F0000-0x00000000001FE000-memory.dmp

  • Size

    56KB

  • Sample

    240303-h2ctgsfe62

  • MD5

    4f81b31addb341c6a35d3b01b2025e8a

  • SHA1

    14742e07ca600dfd009a15f5ec7884cd0ffa6a36

  • SHA256

    1b4193409f97394db766eaeb33397bb879409f03cab7e54dc1f9a09c28697a31

  • SHA512

    c501ae7936922ac0646046bd27c2a46858f9b9e592c7c45b88f6f0678961434748634f9a6e91251bd82a6b583f5eb74bf6916729a495bc18c8a22ebb4b213bfd

  • SSDEEP

    768:A2R1W1xm3L4xvRy5NGQgGoKItuFe666yuwyF8sj1YsFVOZd43HmIt6J:PMbm3L4f2oKItuLn3kfsLs9/

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.201
Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1416-58-0x00000000001F0000-0x00000000001FE000-memory.dmp

    • Size

      56KB

    • MD5

      4f81b31addb341c6a35d3b01b2025e8a

    • SHA1

      14742e07ca600dfd009a15f5ec7884cd0ffa6a36

    • SHA256

      1b4193409f97394db766eaeb33397bb879409f03cab7e54dc1f9a09c28697a31

    • SHA512

      c501ae7936922ac0646046bd27c2a46858f9b9e592c7c45b88f6f0678961434748634f9a6e91251bd82a6b583f5eb74bf6916729a495bc18c8a22ebb4b213bfd

    • SSDEEP

      768:A2R1W1xm3L4xvRy5NGQgGoKItuFe666yuwyF8sj1YsFVOZd43HmIt6J:PMbm3L4f2oKItuLn3kfsLs9/

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks