gozi | 06f51291e5db3542454c188d3e55aa7dcfdba9ea264345ceac15bfb363621fe4 | Triage

Sharing

General

Target

1600-54-0x00000000000C0000-0x00000000000CE000-memory.dmp
Size

56KB
Sample

240315-hm64sacd68
MD5

c794312b40be124d1f68274fb1ff3bf3
SHA1

44d1c75a4b57087d8a44eeaf49631b08ae063725
SHA256

06f51291e5db3542454c188d3e55aa7dcfdba9ea264345ceac15bfb363621fe4
SHA512

5e987f7f977ac613a7c70837bbfb6c05af55550a4935e78945757ed65753fca2afad10ac8304629f2c41f0971b073e8123d11e2bae93e0ff1b4d14de712c567b
SSDEEP

768:A2iNu4bAqEfnJJbOghpvlyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:UYcXEfnJJSIj3V0ecfcWvYEOU/UDG

Score

10^/10

gozi 20000 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1600-54-0x00000000000C0000-0x00000000000CE000-memory.dmp
- Size
  
  56KB
- MD5
  
  c794312b40be124d1f68274fb1ff3bf3
- SHA1
  
  44d1c75a4b57087d8a44eeaf49631b08ae063725
- SHA256
  
  06f51291e5db3542454c188d3e55aa7dcfdba9ea264345ceac15bfb363621fe4
- SHA512
  
  5e987f7f977ac613a7c70837bbfb6c05af55550a4935e78945757ed65753fca2afad10ac8304629f2c41f0971b073e8123d11e2bae93e0ff1b4d14de712c567b
- SSDEEP
  
  768:A2iNu4bAqEfnJJbOghpvlyuR4LNaX+jN43XepE9sc2MW/vYF68lU/w3DZcHy:UYcXEfnJJSIj3V0ecfcWvYEOU/UDG
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2