General

  • Target: bf96986812fe58ad12783bbf087ab289
  • Size: 472KB
  • Sample: 240311-csw8waad7x
  • MD5: bf96986812fe58ad12783bbf087ab289
  • SHA1: 28eeac47d992bb1c43c5ec5451da5f52a2a23323
  • SHA256: 5e94f313ad7f178850b93590f65926f82fa7a57b10d9a519bdffa0ff0a001830
  • SHA512: bf7e0a840beedd31ff3aa074c88134e1f4a8db836689c519cde622ecfc153b91762a2c2e5a148cda9f52413f5ba6357e4daca9cd399a7bc9242bb9ca046cf9ab
  • SSDEEP: 12288:A8T8E11FE68XED7XZ9YG8nxua/vkfzJtCcZG:V11m/XAZv8H/cbO

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 3500
  • C2:
    gtr.antoinfer.com
    f1.bablefiler.at
  • Attributes:
    build: 250211
    exe_type: loader
    server_id: 580
    rsa_pubkey.plain
    aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks