gozi | 357b7106443d70fdcc1bf936483f6ff8121f9252b70522cf025adc48fd32c39d

General

Target

357b7106443d70fdcc1bf936483f6ff8121f9252b70522cf025adc48fd32c39dN.exe
Size

43KB
Sample

241125-srekfasrev
MD5

5a3171da44b454024c4fff2dec437600
SHA1

da4c8f4deacfaf1f2f1126b979f5c07a2756e3e6
SHA256

357b7106443d70fdcc1bf936483f6ff8121f9252b70522cf025adc48fd32c39d
SHA512

11242883a8c8bc2e2f23cb5efb39a202640989e062e8185f9ca8aef501afb631d4b6e67f8820f8778f172e314c960c8b80ec8e33cc019fb00d6843392e0b988e
SSDEEP

768:5l+1igrhFtX0iSyKSG6ZKpnn9oIyxiEitCfJffbpHANSF9Ooc/1d4coqZ:eigBX0ipf1KR9o1xiEitCfDHAsF9M/AQ

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  357b7106443d70fdcc1bf936483f6ff8121f9252b70522cf025adc48fd32c39dN.exe
- Size
  
  43KB
- MD5
  
  5a3171da44b454024c4fff2dec437600
- SHA1
  
  da4c8f4deacfaf1f2f1126b979f5c07a2756e3e6
- SHA256
  
  357b7106443d70fdcc1bf936483f6ff8121f9252b70522cf025adc48fd32c39d
- SHA512
  
  11242883a8c8bc2e2f23cb5efb39a202640989e062e8185f9ca8aef501afb631d4b6e67f8820f8778f172e314c960c8b80ec8e33cc019fb00d6843392e0b988e
- SSDEEP
  
  768:5l+1igrhFtX0iSyKSG6ZKpnn9oIyxiEitCfJffbpHANSF9Ooc/1d4coqZ:eigBX0ipf1KR9o1xiEitCfDHAsF9M/AQ
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2