gozi | f42512a61e57afecc9aa65dd1359d9a87fcd1619fb5df6eb0bca208fcfb9973a

General

Target

JaffaCakes118_f42512a61e57afecc9aa65dd1359d9a87fcd1619fb5df6eb0bca208fcfb9973a
Size

38KB
Sample

241222-zg6dqsynfm
MD5

d70a86eab8b4d9a760ca72e12d032f32
SHA1

22f91652014c97569a3ff9fe9bc87fe262bd5041
SHA256

f42512a61e57afecc9aa65dd1359d9a87fcd1619fb5df6eb0bca208fcfb9973a
SHA512

2ef81d1a9cc75235ebd101c1481ec58508c86900d0edf13b0f79ea0c381ec9259e7c081c411c74e6466e2bf4fbb63a42b1dde8aed635fde382bbdfd759973df2
SSDEEP

768:sTH7lehe1iZfyVkRYgPYcMFxKWf84rNR933jMwuS789rW5It:sTH7lehjqSYF5KtEH9b789rcIt

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7406

C2

signin.microsoft.com

login.microsoft.com

keeneticline.com

keeneticline.bar

infmeetic.co

Attributes

base_path
/includes/
build
250193
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
extension
.img
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  29886509fe1c9628fa5227a052e98e5b7cd7bc04cab15f498eb884d588654b1f.dll
- Size
  
  43KB
- MD5
  
  801f793a5ce077d8535dbf9b0144ae3e
- SHA1
  
  958bc208d7459ddc369c6ee3bdc78c390043192a
- SHA256
  
  29886509fe1c9628fa5227a052e98e5b7cd7bc04cab15f498eb884d588654b1f
- SHA512
  
  1682fc11f2876a4ed60dd866982ab5df91bcfde826c6cda4a3ccbc6af9156b944cd85e9d98f4e9f02f9e9f4d77a42ceedbee4317501a9596c56011f72a431a97
- SSDEEP
  
  768:ugrMCtGv7GDHAfoD+b0yDUAL0igHe1lo145sLPftQWVI4oUVAJZSGmnsfpt:uCtBDQoD+b2C0ig+41wwP1Q/4Ch
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2