gozi | 907cad078a537569056f9f891cb1f816216ecc0c9d87fd64239eb0c2afc2f192

General

Target

907cad078a537569056f9f891cb1f816216ecc0c9d87fd64239eb0c2afc2f192.exe
Size

52KB
Sample

241126-1g7r8s1lcw
MD5

2eb8d722f08d8ce32bf9d6f63ed50f20
SHA1

059d93dfeb3bcc06cfd3979ee0dd87b1a732b0d5
SHA256

907cad078a537569056f9f891cb1f816216ecc0c9d87fd64239eb0c2afc2f192
SHA512

e1420d2aa048f8c5f71a107379135f2ba182eab8c145b688404f952fa022a1e9fa8469e4935ee7693eff74bb6b9d356700c1ae76f8fc7869ced35e7c00951385
SSDEEP

768:5b0WIVozOrCbGbwRdhH3sGSMl5WBBKyJeP0sP7GJFrVzhASpZe0:x0vVozOrCvH3sGblUBBK8eP0sPCrPe0

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
260255
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  907cad078a537569056f9f891cb1f816216ecc0c9d87fd64239eb0c2afc2f192.exe
- Size
  
  52KB
- MD5
  
  2eb8d722f08d8ce32bf9d6f63ed50f20
- SHA1
  
  059d93dfeb3bcc06cfd3979ee0dd87b1a732b0d5
- SHA256
  
  907cad078a537569056f9f891cb1f816216ecc0c9d87fd64239eb0c2afc2f192
- SHA512
  
  e1420d2aa048f8c5f71a107379135f2ba182eab8c145b688404f952fa022a1e9fa8469e4935ee7693eff74bb6b9d356700c1ae76f8fc7869ced35e7c00951385
- SSDEEP
  
  768:5b0WIVozOrCbGbwRdhH3sGSMl5WBBKyJeP0sP7GJFrVzhASpZe0:x0vVozOrCvH3sGblUBBK8eP0sPCrPe0
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2