gozi | 980771895c8880731bbe04e99264bcadd78d4dc9b41eee0402759d39d39c4b61 | Triage

Sharing

General

Target

fc6677c3c47e773d193ee88c76349c8b_JaffaCakes118
Size

242KB
Sample

240420-kz6d5adf7z
MD5

fc6677c3c47e773d193ee88c76349c8b
SHA1

8a1015393e301aeb77435a75749ca0608229256b
SHA256

980771895c8880731bbe04e99264bcadd78d4dc9b41eee0402759d39d39c4b61
SHA512

8a6e987105769e18a0b3717558564f10e49f6870e42905c57843ee5c91f2c0fade05ef7ed20fe96041f76b83f9a8e3e4082ad4389e14fc71f365ede25791e26e
SSDEEP

6144:tmnZO0GDlypHAT/cxkDyPFXkfh+3m33c51Wjak4SdS83x:tMZOrEpHAT/cLPF0Im3s51WjaCU8

Score

10^/10

gozi 2500 isfb

Malware Config

Extracted

Family

gozi

Botnet

2500

C2

art.microsoftsofymicrosoftsoft.at

apr.intoolkom.at

r23cirt55ysvtdvl.onion

gta5.fifatalk.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

free.monotreener.com

sam.fafona.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  fc6677c3c47e773d193ee88c76349c8b_JaffaCakes118
- Size
  
  242KB
- MD5
  
  fc6677c3c47e773d193ee88c76349c8b
- SHA1
  
  8a1015393e301aeb77435a75749ca0608229256b
- SHA256
  
  980771895c8880731bbe04e99264bcadd78d4dc9b41eee0402759d39d39c4b61
- SHA512
  
  8a6e987105769e18a0b3717558564f10e49f6870e42905c57843ee5c91f2c0fade05ef7ed20fe96041f76b83f9a8e3e4082ad4389e14fc71f365ede25791e26e
- SSDEEP
  
  6144:tmnZO0GDlypHAT/cxkDyPFXkfh+3m33c51Wjak4SdS83x:tMZOrEpHAT/cLPF0Im3s51WjaCU8
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2