Overview

overview

10

Static

static

10

561a3b4217...79.exe

windows7-x64

561a3b4217...79.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79

  • Size

    424KB

  • Sample

    241221-wk7t7avqgj

  • MD5

    74de068240e3db03ee19c9d317a29934

  • SHA1

    5ceb7b29a7bca4e00fab28c4174556ca58bdb560

  • SHA256

    561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79

  • SHA512

    eba6546bbe8ee2dc5221022ff934270cc6dfb5f2eb5664f0c1225930b34a30453f72d196436761a75d452cb6e3d2c05393f5d08efe244c209f156dacb24b2bd4

  • SSDEEP

    6144:0YtGd/ySWTam85idpqgtyUKNaTBfCmevU7+t:0YgtySWTam85s/g6BfXeZt

Score
10/10
gozi202201isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

202201

C2

telemetry.skype.com

gldobermanioliusdd.ru

semenshovdobermanoba4.ru

gdobermanciluiprada8.ru

mesantospilioosd.ru

klavsantosnka93hhu8.ru

checkgosantoswahnedr.ru

stypesantosgirlsld99.ru

dasantoseikosano000.ru

rkrygliyakinaribalke.ru

klkrygliyaysiroppe0.ru

musskrygliyakatt67838.ru
Attributes
  • base_path

    /drew/

  • build

    250224

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79

    • Size

      424KB

    • MD5

      74de068240e3db03ee19c9d317a29934

    • SHA1

      5ceb7b29a7bca4e00fab28c4174556ca58bdb560

    • SHA256

      561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79

    • SHA512

      eba6546bbe8ee2dc5221022ff934270cc6dfb5f2eb5664f0c1225930b34a30453f72d196436761a75d452cb6e3d2c05393f5d08efe244c209f156dacb24b2bd4

    • SSDEEP

      6144:0YtGd/ySWTam85idpqgtyUKNaTBfCmevU7+t:0YgtySWTam85s/g6BfXeZt

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks