General

  • Target

    4de0201aa4121f4f87ff7088f5705f2df799e857ca77f31a46f7a83297e6c85c

  • Size

    32KB

  • Sample

    240419-w51llsch6t

  • MD5

    9da113cb426ba6e34af9a0381872384b

  • SHA1

    386205b8948eb97547f1b24377af4c063d73f694

  • SHA256

    4de0201aa4121f4f87ff7088f5705f2df799e857ca77f31a46f7a83297e6c85c

  • SHA512

    4eeb67b4a7cf8586ad1ba48ad8c222a39e9027a1e346ca36fc6f4fc17e08815a1b71a21922d09c998d4d7b22fa5dc74c39accf22527769d9d1b0af0ea277da0b

  • SSDEEP

    768:fQWnPBTOHawIbwxmAlOcsEfcmKlcei5wGcnN9VRp7slSIm:fQWn9fwIbW3EcsEfcmmgbcJP7sY

Malware Config

Extracted

Family

gozi

Botnet

10101

C2

Attributes

  • base_path

    /uploaded/

  • build

    250246

  • exe_type

    loader

  • extension

    .pct

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef

    • Size

      37KB

    • MD5

      ae3d7de4671718a92cdceae507d9c5e2

    • SHA1

      1bc85809ddd4411897232c691a2c866f5db67175

    • SHA256

      1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef

    • SHA512

      bb9433baa53b018356e5e164c05196a0d29213466b8ad4caf428636977b829406a01be258b5560e8c4fd69e646f564867131ba52cde860cc9d6add3c8989e488

    • SSDEEP

      768:eQLm41fM01vAPyRPq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiuMPc:eL41fMSvGAPqlaPGhVMq2LpeReOb2Pmi

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks