gozi | d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6 | Triage

Sharing

General

Target

d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6.exe
Size

52KB
Sample

241126-jmr6as1ph1
MD5

43a36f34011932ba60f927ca76e3f93c
SHA1

d5ab02ab963b03b6308a2a44506a6cdfc16b7262
SHA256

d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6
SHA512

37b07eccd3b0f527953b82739fe69a799d386351cea335aeab41aeff862e8015be9c624c4bf8c9658f0f1906b08a80f102a7071cfd2439dad00ff31e61b6364d
SSDEEP

768:5CrUbqHP9JAcgh/Q4Lmtk3SsWHIu3I2a2mYMsXMr3IedMZhK3D1Gc4:kQbq2h/QimNRT3BlMBr3IedMGD1Gc4

Score

10^/10

gozi 7711 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6.exe
- Size
  
  52KB
- MD5
  
  43a36f34011932ba60f927ca76e3f93c
- SHA1
  
  d5ab02ab963b03b6308a2a44506a6cdfc16b7262
- SHA256
  
  d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6
- SHA512
  
  37b07eccd3b0f527953b82739fe69a799d386351cea335aeab41aeff862e8015be9c624c4bf8c9658f0f1906b08a80f102a7071cfd2439dad00ff31e61b6364d
- SSDEEP
  
  768:5CrUbqHP9JAcgh/Q4Lmtk3SsWHIu3I2a2mYMsXMr3IedMZhK3D1Gc4:kQbq2h/QimNRT3BlMBr3IedMGD1Gc4
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2