gozi | 4a57ebef93c19b92360288c2f7802ccb57c9e0d2c2e3e41068e2a3aaeb7ddb20

General

Target

4a57ebef93c19b92360288c2f7802ccb57c9e0d2c2e3e41068e2a3aaeb7ddb20N.exe
Size

52KB
Sample

241127-p9qhwa1lbk
MD5

235749dbffd58a1a71d7441c074a7380
SHA1

bff0ad576080e289773dac4c4c64f4a15529f587
SHA256

4a57ebef93c19b92360288c2f7802ccb57c9e0d2c2e3e41068e2a3aaeb7ddb20
SHA512

078968ba714f4dc671beef8de13bb24fe6ef892a773068d7b698fb7c39eece284e1e4509e7e91a4b7f7974e0ffaec5a3031857cda3b97b889b5dc4d5218d6a70
SSDEEP

768:5b0WIVozOrCbGbwRdhH3sGSMl5WBBKyJeP0sP7GJFrVzhASpZe:x0vVozOrCvH3sGblUBBK8eP0sPCrPe

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
260255
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4a57ebef93c19b92360288c2f7802ccb57c9e0d2c2e3e41068e2a3aaeb7ddb20N.exe
- Size
  
  52KB
- MD5
  
  235749dbffd58a1a71d7441c074a7380
- SHA1
  
  bff0ad576080e289773dac4c4c64f4a15529f587
- SHA256
  
  4a57ebef93c19b92360288c2f7802ccb57c9e0d2c2e3e41068e2a3aaeb7ddb20
- SHA512
  
  078968ba714f4dc671beef8de13bb24fe6ef892a773068d7b698fb7c39eece284e1e4509e7e91a4b7f7974e0ffaec5a3031857cda3b97b889b5dc4d5218d6a70
- SSDEEP
  
  768:5b0WIVozOrCbGbwRdhH3sGSMl5WBBKyJeP0sP7GJFrVzhASpZe:x0vVozOrCvH3sGblUBBK8eP0sPCrPe
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2