gozi | e105922d77028c891b36eaeda9e536e9bbfbd6de6f78219e49e1d7c83fa67d93 | Triage

Sharing

General

Target

JaffaCakes118_e105922d77028c891b36eaeda9e536e9bbfbd6de6f78219e49e1d7c83fa67d93
Size

43KB
Sample

241222-lb5ncssmhx
MD5

7c30a730ae6a19fd39377ac70dde1aa0
SHA1

63bb79daadf84081827394ab27652436ded7b53e
SHA256

e105922d77028c891b36eaeda9e536e9bbfbd6de6f78219e49e1d7c83fa67d93
SHA512

d9366f0d50a3a335e1648811068a639b2e557cbd89e4db6747b35056564ef9228635da0476d549ce752d4be156c4069726ffc0bf3f98b55bae83287fc0e7b24b
SSDEEP

768:sRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAkD:AKa9JI/bI7YOZcJb2pQOJH67ENcrbD

Score

10^/10

gozi 7624 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

7624

C2

atmospheri.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_e105922d77028c891b36eaeda9e536e9bbfbd6de6f78219e49e1d7c83fa67d93
- Size
  
  43KB
- MD5
  
  7c30a730ae6a19fd39377ac70dde1aa0
- SHA1
  
  63bb79daadf84081827394ab27652436ded7b53e
- SHA256
  
  e105922d77028c891b36eaeda9e536e9bbfbd6de6f78219e49e1d7c83fa67d93
- SHA512
  
  d9366f0d50a3a335e1648811068a639b2e557cbd89e4db6747b35056564ef9228635da0476d549ce752d4be156c4069726ffc0bf3f98b55bae83287fc0e7b24b
- SSDEEP
  
  768:sRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAkD:AKa9JI/bI7YOZcJb2pQOJH67ENcrbD
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2