Overview

overview

10

Static

static

10

1312-57-0x...ry.dll

windows7-x64

3

1312-57-0x...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1312-57-0x0000000000220000-0x00000000002B0000-memory.dmp

  • Size

    576KB

  • Sample

    240305-1q5dgaad9w

  • MD5

    00999d0c7441f7df98d7c51555e49b49

  • SHA1

    c82684c033dca25a5e06239dd89c26ba50290769

  • SHA256

    46b3c88f0c0b01af8133ea8f70ead6ac5728194ad6dc5fa2a28835bce5b1b0e8

  • SHA512

    b4c2df11efadafd39dbf388c2b98b9816dba2aa689a7a58aaee165a7dc984002b27e0a0d458f677f9926854061762c09cf550aee1eb8b5294cfa6be8fef6a605

  • SSDEEP

    768:B2fdU27y2VWZYmACvCsyXAXdHon1a7KLtA/+aPW0d6dfXSt8wpaJMHg4k+R:+u2+2VoYmAwyAtv7K6maPFwdf/wmSk

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.222
Attributes
  • base_path

    /jerry/

  • build

    250257

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1312-57-0x0000000000220000-0x00000000002B0000-memory.dmp

    • Size

      576KB

    • MD5

      00999d0c7441f7df98d7c51555e49b49

    • SHA1

      c82684c033dca25a5e06239dd89c26ba50290769

    • SHA256

      46b3c88f0c0b01af8133ea8f70ead6ac5728194ad6dc5fa2a28835bce5b1b0e8

    • SHA512

      b4c2df11efadafd39dbf388c2b98b9816dba2aa689a7a58aaee165a7dc984002b27e0a0d458f677f9926854061762c09cf550aee1eb8b5294cfa6be8fef6a605

    • SSDEEP

      768:B2fdU27y2VWZYmACvCsyXAXdHon1a7KLtA/+aPW0d6dfXSt8wpaJMHg4k+R:+u2+2VoYmAwyAtv7K6maPFwdf/wmSk

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks