gozi | 8c93ff92c849bd12cbe7e2f795bb6069833d6f66d4a865df6eb53c93eb13e115 | Triage

Sharing

General

Target

6cbdc5ea093e1708917053e590dc0d79_JaffaCakes118
Size

242KB
Sample

240724-zqdebawfnq
MD5

6cbdc5ea093e1708917053e590dc0d79
SHA1

341d731a5605ffc514874a22b509948dd4730b44
SHA256

8c93ff92c849bd12cbe7e2f795bb6069833d6f66d4a865df6eb53c93eb13e115
SHA512

02a0435e939183d95ef5c959171a356f46620fdbdf412654c46242f8b4e4aed26ea40389f1be12c144824fe6982454e8c68b27cdd32a1a8954fbd9bb62c06356
SSDEEP

6144:1mnZO0GDlypHAT/cxkDyPFXkfh+3m33c5cWjak4SSS83xx:1MZOrEpHAT/cLPF0Im3s5cWjaC/8b

Score

10^/10

gozi 3500 isfb

Malware Config

Extracted

Family

gozi

Botnet

3500

C2

art.microsoftsofymicrosoftsoft.at

r23cirt55ysvtdvl.onion

fop.langoonik.com

fog.taginoka.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

apr.intoolkom.at

mas.nagonoman.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  6cbdc5ea093e1708917053e590dc0d79_JaffaCakes118
- Size
  
  242KB
- MD5
  
  6cbdc5ea093e1708917053e590dc0d79
- SHA1
  
  341d731a5605ffc514874a22b509948dd4730b44
- SHA256
  
  8c93ff92c849bd12cbe7e2f795bb6069833d6f66d4a865df6eb53c93eb13e115
- SHA512
  
  02a0435e939183d95ef5c959171a356f46620fdbdf412654c46242f8b4e4aed26ea40389f1be12c144824fe6982454e8c68b27cdd32a1a8954fbd9bb62c06356
- SSDEEP
  
  6144:1mnZO0GDlypHAT/cxkDyPFXkfh+3m33c5cWjak4SSS83xx:1MZOrEpHAT/cLPF0Im3s5cWjaC/8b
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2