gozi | f020e217ba83753eec4e7b5d5fa63853f56b020ff1aff9427230206da3f5a1f6

General

Target

f020e217ba83753eec4e7b5d5fa63853f56b020ff1aff9427230206da3f5a1f6N.exe
Size

43KB
Sample

241123-dj1elssqcl
MD5

a2ca2b54c47727d943d25d1c25df3d40
SHA1

12e8a31d1832afd570e8d23d0438a2a5787c7897
SHA256

f020e217ba83753eec4e7b5d5fa63853f56b020ff1aff9427230206da3f5a1f6
SHA512

e05382c55d3b5b9d01a3aabda8bd656ec947f11018306ffc7887f4cc61aaf01d0f872af0a8bccf1fbc17d6a21c031e7c9995077cc037e84821dfef195dc08551
SSDEEP

768:f0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1Gc:f9sq8S/QEYXQIVWlvmYp6ewNu7hD1Gc

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

20000

C2

https://checklistg.google.com

http://185.189.151.250

https://edge14.microsoft.com

http://45.11.181.117

Attributes

base_path
/binaries/
build
250255
exe_type
loader
extension
.ato
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  f020e217ba83753eec4e7b5d5fa63853f56b020ff1aff9427230206da3f5a1f6N.exe
- Size
  
  43KB
- MD5
  
  a2ca2b54c47727d943d25d1c25df3d40
- SHA1
  
  12e8a31d1832afd570e8d23d0438a2a5787c7897
- SHA256
  
  f020e217ba83753eec4e7b5d5fa63853f56b020ff1aff9427230206da3f5a1f6
- SHA512
  
  e05382c55d3b5b9d01a3aabda8bd656ec947f11018306ffc7887f4cc61aaf01d0f872af0a8bccf1fbc17d6a21c031e7c9995077cc037e84821dfef195dc08551
- SSDEEP
  
  768:f0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1Gc:f9sq8S/QEYXQIVWlvmYp6ewNu7hD1Gc
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2