gozi | f611b0da56da42faaac1308d3bced4704b2d1cbd4fd373221b9ca9e700f85218 | Triage

Sharing

General

Target

6fbf4c6d0d683670acf970213d598fd4_JaffaCakes118
Size

81KB
Sample

240524-y8kqnsac92
MD5

6fbf4c6d0d683670acf970213d598fd4
SHA1

8301244356a221bc139846e09429ac4384a7c64c
SHA256

f611b0da56da42faaac1308d3bced4704b2d1cbd4fd373221b9ca9e700f85218
SHA512

0721ebbb308ff9301913a20335d7d641af4ec655a4e92b6217832d50d92db99d2084aca0d4f7adc10106347d1bbda90ad375419bc9a9df723da25a473b8eb1a9
SSDEEP

1536:P3FeiXaXH/V0u9sQvqM17Jqbhi/ndcManMu6BgX5lz59N07C40O:9n6/V0u9sQvquEMw5l19N07C

Score

10^/10

gozi 30030 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

30030

C2

62.75.195.103

62.75.195.117

Attributes

exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  6fbf4c6d0d683670acf970213d598fd4_JaffaCakes118
- Size
  
  81KB
- MD5
  
  6fbf4c6d0d683670acf970213d598fd4
- SHA1
  
  8301244356a221bc139846e09429ac4384a7c64c
- SHA256
  
  f611b0da56da42faaac1308d3bced4704b2d1cbd4fd373221b9ca9e700f85218
- SHA512
  
  0721ebbb308ff9301913a20335d7d641af4ec655a4e92b6217832d50d92db99d2084aca0d4f7adc10106347d1bbda90ad375419bc9a9df723da25a473b8eb1a9
- SSDEEP
  
  1536:P3FeiXaXH/V0u9sQvqM17Jqbhi/ndcManMu6BgX5lz59N07C40O:9n6/V0u9sQvquEMw5l19N07C
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2