gozi | 4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6 | Triage

Sharing

General

Target

JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6
Size

43KB
Sample

241222-e585batnhm
MD5

911289f9c871f9406faeafb5420039cb
SHA1

97f3dbcadc1f50bd676a2672b5a4b1f324e1f00f
SHA256

4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6
SHA512

959c22dfd13319004f336f89fd16d5ae1c851eea5ccbde2f62f4bd2084925db361f44370e7d3b3753cd97dd7d48013989158905145347493c5a210821949579a
SSDEEP

768:5sLkvkJb1J1up9RNdOuZtxE5WkXQDrT+mgazC434i3z93teyS7sOMImb:uLksJbLQ/aWkXQDrTfBzC434Sz9PS7sV

Score

10^/10

gozi 3000 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246

Attributes

base_path
/drew/
build
260226
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6
- Size
  
  43KB
- MD5
  
  911289f9c871f9406faeafb5420039cb
- SHA1
  
  97f3dbcadc1f50bd676a2672b5a4b1f324e1f00f
- SHA256
  
  4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6
- SHA512
  
  959c22dfd13319004f336f89fd16d5ae1c851eea5ccbde2f62f4bd2084925db361f44370e7d3b3753cd97dd7d48013989158905145347493c5a210821949579a
- SSDEEP
  
  768:5sLkvkJb1J1up9RNdOuZtxE5WkXQDrT+mgazC434i3z93teyS7sOMImb:uLksJbLQ/aWkXQDrTfBzC434Sz9PS7sV
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2