gozi | 73db943347d62d7f5e12f0cd1cae0f4a65dab3d08ac080bd3847409162a168a8 | Triage

Sharing

General

Target

73db943347d62d7f5e12f0cd1cae0f4a65dab3d08ac080bd3847409162a168a8N.exe
Size

52KB
Sample

241124-vaf32svpap
MD5

14c91a8bb0b5ea0f144e470a9bed86b0
SHA1

14290b33fc9e4da07a4fc9b756286d1770dc07cf
SHA256

73db943347d62d7f5e12f0cd1cae0f4a65dab3d08ac080bd3847409162a168a8
SHA512

508bf36491385ac216948f9a8b5d364836558d0dc6d98b2dc4d7f74fab1d7c608b1596d6a41771d668c4478cae6f1d65d2f378853cdc3e4c35dda2e857467f71
SSDEEP

768:5CrUbqHP9JAcgh/Q4Lmtk3SsWHIu3I2a2mYMsXMr3IedMZhK3D1Gc:kQbq2h/QimNRT3BlMBr3IedMGD1Gc

Score

10^/10

gozi 7711 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  73db943347d62d7f5e12f0cd1cae0f4a65dab3d08ac080bd3847409162a168a8N.exe
- Size
  
  52KB
- MD5
  
  14c91a8bb0b5ea0f144e470a9bed86b0
- SHA1
  
  14290b33fc9e4da07a4fc9b756286d1770dc07cf
- SHA256
  
  73db943347d62d7f5e12f0cd1cae0f4a65dab3d08ac080bd3847409162a168a8
- SHA512
  
  508bf36491385ac216948f9a8b5d364836558d0dc6d98b2dc4d7f74fab1d7c608b1596d6a41771d668c4478cae6f1d65d2f378853cdc3e4c35dda2e857467f71
- SSDEEP
  
  768:5CrUbqHP9JAcgh/Q4Lmtk3SsWHIu3I2a2mYMsXMr3IedMZhK3D1Gc:kQbq2h/QimNRT3BlMBr3IedMGD1Gc
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2