gozi | 2d59a46827d92b7654c785a6f79a6256d399b7764fa3b6dc9c4d993b2c9693ce | Triage

Sharing

General

Target

JaffaCakes118_2d59a46827d92b7654c785a6f79a6256d399b7764fa3b6dc9c4d993b2c9693ce
Size

43KB
Sample

241222-p1nmxsyqhq
MD5

268e113bca9a9aa2e62824ac6518a277
SHA1

ac65ddf71f623103a1071bcebea88ed258c25533
SHA256

2d59a46827d92b7654c785a6f79a6256d399b7764fa3b6dc9c4d993b2c9693ce
SHA512

773672dc51734cf54bab7d985085f91ae1f9971be6eb73b2e6ec9eacd70ddb96e8f46da302724681fb2dc8e76f814a1596cc75a80392b66fe17d0d3f027170c4
SSDEEP

768:5oDIq0MrJBk0+1XZtg2+JUqBbqDHqF1I7p4lNimySSO3Wo/x93Y1KsySVBnl:32J9+1Xb7+JNeDqF1I7+lNimD3Wcx9oL

Score

10^/10

gozi 777999 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

777999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250225
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_2d59a46827d92b7654c785a6f79a6256d399b7764fa3b6dc9c4d993b2c9693ce
- Size
  
  43KB
- MD5
  
  268e113bca9a9aa2e62824ac6518a277
- SHA1
  
  ac65ddf71f623103a1071bcebea88ed258c25533
- SHA256
  
  2d59a46827d92b7654c785a6f79a6256d399b7764fa3b6dc9c4d993b2c9693ce
- SHA512
  
  773672dc51734cf54bab7d985085f91ae1f9971be6eb73b2e6ec9eacd70ddb96e8f46da302724681fb2dc8e76f814a1596cc75a80392b66fe17d0d3f027170c4
- SSDEEP
  
  768:5oDIq0MrJBk0+1XZtg2+JUqBbqDHqF1I7p4lNimySSO3Wo/x93Y1KsySVBnl:32J9+1Xb7+JNeDqF1I7+lNimD3Wcx9oL
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2