gozi | 6e981f4c8050300894b5a7e41ba18b471de5063485a67a40423a62a8cd1665a0 | Triage

Sharing

General

Target

JaffaCakes118_6e981f4c8050300894b5a7e41ba18b471de5063485a67a40423a62a8cd1665a0
Size

56KB
Sample

241222-ww3dvavrbk
MD5

e69a04e3656a3f1c82f72835aad69005
SHA1

81a1ad61dbc6fb666b1c86fc2555b4c3b91662a9
SHA256

6e981f4c8050300894b5a7e41ba18b471de5063485a67a40423a62a8cd1665a0
SHA512

939c95fcdf86567ecff633d8325f25ca3dfd47b76450440de5558ba0a956f39e75f443d119a8f8afbe098924c73330cf896a5f04f0849fe6bb822d5ed4a0f214
SSDEEP

768:BRWP6xU1Jpyivuey5eb8EvnVBosnO1T2VOYcV0HRoJvv5E:BRWyW7ya2eblt6T2VOcihv

Score

10^/10

gozi 7625 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7625

C2

sistemliner.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_6e981f4c8050300894b5a7e41ba18b471de5063485a67a40423a62a8cd1665a0
- Size
  
  56KB
- MD5
  
  e69a04e3656a3f1c82f72835aad69005
- SHA1
  
  81a1ad61dbc6fb666b1c86fc2555b4c3b91662a9
- SHA256
  
  6e981f4c8050300894b5a7e41ba18b471de5063485a67a40423a62a8cd1665a0
- SHA512
  
  939c95fcdf86567ecff633d8325f25ca3dfd47b76450440de5558ba0a956f39e75f443d119a8f8afbe098924c73330cf896a5f04f0849fe6bb822d5ed4a0f214
- SSDEEP
  
  768:BRWP6xU1Jpyivuey5eb8EvnVBosnO1T2VOYcV0HRoJvv5E:BRWyW7ya2eblt6T2VOcihv
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2