gozi | eb5dcbde491776a5abe1340f2653684ab8a0e7b0f0c68a3a7787d2e97dff329a | Triage

Sharing

General

Target

798d5713512b5cb6228138ceea7c8066.bin
Size

28KB
Sample

241106-vhk2zawnhj
MD5

1731c186e5f896842151029ae8c21b5b
SHA1

866e50bf31d4cfd61ee542251ccde50f613f5a66
SHA256

eb5dcbde491776a5abe1340f2653684ab8a0e7b0f0c68a3a7787d2e97dff329a
SHA512

c92101d1d16b834d0f148561e4f93e579c280035053b7f0724499c4c423328f7fcf241a7d175a90f9182c0acd24ffcaff0b2cdfd35076f38935df48b1303d5d5
SSDEEP

768:tiJBLWqtmjOUTAUZkZBDMUPWDcigyAltTWKd837f1dl:tjdTLZbUPWDcBRlJWR37h

Score

10^/10

gozi 3000 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.189.151.28

185.189.151.70

Attributes

base_path
/drew/
build
250229
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  413cf6a694eef7a4f1725a11938f1ab2df1957bfb3bf20cf6a47017bebbad2a9.dll
- Size
  
  43KB
- MD5
  
  798d5713512b5cb6228138ceea7c8066
- SHA1
  
  aa9197b154d0cf0ae1867e2b7befe56030c8609f
- SHA256
  
  413cf6a694eef7a4f1725a11938f1ab2df1957bfb3bf20cf6a47017bebbad2a9
- SHA512
  
  b6c55a1a4f79dab387636b0214528baa833bb71faf55218380bb308d53e617e5be7cafbe40c2aa5eda60122a37578fdc51c2c9af7c98fd81a4df2188be17c79b
- SSDEEP
  
  768:nmEpMZSMa44sl1paFt5XJ2Wt8W2rsbdcOJNm17g40NxWhTL:njMZSJ44Nt5XJ2WuWCWcOJM17YCTL
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2