gozi | eb9ebd15db72965fbfb4883ba7eb441ee37999705399f57c6c15cd81ed35e308

General

Target

eb9ebd15db72965fbfb4883ba7eb441ee37999705399f57c6c15cd81ed35e308.exe
Size

43KB
Sample

241130-z2vsqsvqhx
MD5

c4b5ae2277074ae930d21864b2214a02
SHA1

2c75dc36e4b58da3d3306b37a1f8986a88f05d96
SHA256

eb9ebd15db72965fbfb4883ba7eb441ee37999705399f57c6c15cd81ed35e308
SHA512

77b74f9b594d2b435d64154d1c50985abcecb0f57492753e3f1fdf2d6efd43d9b6e55268462da59a69b22894dc34d8ab7bfe46b201771900cd9e5cad2fcb02d6
SSDEEP

768:5l+1igrhFtX0iSyKSG6ZKpnn9oIyxiEitCfJffbpHANSF9Ooc/1d4coqZO:eigBX0ipf1KR9o1xiEitCfDHAsF9M/Af

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

base_path
/microsoft/
build
250256
exe_type
loader
extension
.acx
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  eb9ebd15db72965fbfb4883ba7eb441ee37999705399f57c6c15cd81ed35e308.exe
- Size
  
  43KB
- MD5
  
  c4b5ae2277074ae930d21864b2214a02
- SHA1
  
  2c75dc36e4b58da3d3306b37a1f8986a88f05d96
- SHA256
  
  eb9ebd15db72965fbfb4883ba7eb441ee37999705399f57c6c15cd81ed35e308
- SHA512
  
  77b74f9b594d2b435d64154d1c50985abcecb0f57492753e3f1fdf2d6efd43d9b6e55268462da59a69b22894dc34d8ab7bfe46b201771900cd9e5cad2fcb02d6
- SSDEEP
  
  768:5l+1igrhFtX0iSyKSG6ZKpnn9oIyxiEitCfJffbpHANSF9Ooc/1d4coqZO:eigBX0ipf1KR9o1xiEitCfDHAsF9M/Af
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2