gozi | 291bf5665d0171b836b5e6ed436d31c19ff68db4c8fe97a949802df68d22ad12 | Triage

Sharing

General

Target

491cae6d0db3fe37324d252588ab32ce_JaffaCakes118
Size

204KB
Sample

240516-czfjpsgf74
MD5

491cae6d0db3fe37324d252588ab32ce
SHA1

ba942f7a0fa2a76a83281cfd87537d3f929ab84c
SHA256

291bf5665d0171b836b5e6ed436d31c19ff68db4c8fe97a949802df68d22ad12
SHA512

d01df7319766fa088cd05770511d4000ce55c4bc97e4b0b7d9222b3194a3be60c12adb7efacc805458f660e81ed60afc73e50c9f8eaa452e309e4465273e1d9b
SSDEEP

6144:+1IQjw4aeKiKmaC0B4yzoXkDUCYAVqlxnuwm:+C4aeKiKmajBHsyxhQ

Score

10^/10

gozi 2411 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2411

C2

princlegislative.su/mp_xxx/front/xxx

prophosthdor.su/mp_xxx/front/xxx

xhroompjsapi.com/mp_xxx/front/xxx

Attributes

exe_type
worker
server_id
55

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  491cae6d0db3fe37324d252588ab32ce_JaffaCakes118
- Size
  
  204KB
- MD5
  
  491cae6d0db3fe37324d252588ab32ce
- SHA1
  
  ba942f7a0fa2a76a83281cfd87537d3f929ab84c
- SHA256
  
  291bf5665d0171b836b5e6ed436d31c19ff68db4c8fe97a949802df68d22ad12
- SHA512
  
  d01df7319766fa088cd05770511d4000ce55c4bc97e4b0b7d9222b3194a3be60c12adb7efacc805458f660e81ed60afc73e50c9f8eaa452e309e4465273e1d9b
- SSDEEP
  
  6144:+1IQjw4aeKiKmaC0B4yzoXkDUCYAVqlxnuwm:+C4aeKiKmajBHsyxhQ
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2