gozi | 3981304ae7cc29ceabc5c6286b9c690915c270900d2a78464fa22f6f56729563 | Triage

Sharing

General

Target

1816-147-0x00000000132A0000-0x0000000013F42000-memory.dmp
Size

12.6MB
Sample

240527-smthssge8x
MD5

19aa54a30ff7cdf81c177161976e6cd1
SHA1

605f4d808387e68475e6fc6bc6972bfe55e8a4c8
SHA256

3981304ae7cc29ceabc5c6286b9c690915c270900d2a78464fa22f6f56729563
SHA512

29a3ce73408da7c9c06d13511fb06c85cf8c41fce4fd192f5c150bd498caef05ea3b144fa6cdf6e7043250065bb00d2252874c9bee1bf1b888a67b23d42c3cff
SSDEEP

393216:1UFKsMorXmYwtQQlTX3zxPYvkS8Yy/CmnL4:18ZXmYw6AT1QExn

Score

10^/10

gozi isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  1816-147-0x00000000132A0000-0x0000000013F42000-memory.dmp
- Size
  
  12.6MB
- MD5
  
  19aa54a30ff7cdf81c177161976e6cd1
- SHA1
  
  605f4d808387e68475e6fc6bc6972bfe55e8a4c8
- SHA256
  
  3981304ae7cc29ceabc5c6286b9c690915c270900d2a78464fa22f6f56729563
- SHA512
  
  29a3ce73408da7c9c06d13511fb06c85cf8c41fce4fd192f5c150bd498caef05ea3b144fa6cdf6e7043250065bb00d2252874c9bee1bf1b888a67b23d42c3cff
- SSDEEP
  
  393216:1UFKsMorXmYwtQQlTX3zxPYvkS8Yy/CmnL4:18ZXmYw6AT1QExn
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2