gozi | 2d54d23157e549d56edfa497620df75e4291413181f4883f91aecdfe9e38ae1a | Triage

Sharing

General

Target

JaffaCakes118_2d54d23157e549d56edfa497620df75e4291413181f4883f91aecdfe9e38ae1a
Size

56KB
Sample

241223-2h8llatnhp
MD5

957bf145eb17dd1e80ffabfe9578de02
SHA1

ab657c6b586d17dec42482660bfcf06b3e546ae1
SHA256

2d54d23157e549d56edfa497620df75e4291413181f4883f91aecdfe9e38ae1a
SHA512

4b1a5c2288d4c8b2b6c401ee27a2fe94d080e246ea28b81fc4a78a8b94c386398f1dc04eea4894567cba514069baaae5ab208784b39b2842fe1323b15d19abf2
SSDEEP

768:pWoCPLUiJVCeEvxIkFsIAto1F3+QTP1op/Bf84vcbTpadEVqzCl92+msLr:pWoM//re6Tton3+QTP1mBfI/okquPr

Score

10^/10

gozi 7626 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7626

C2

buredom.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_2d54d23157e549d56edfa497620df75e4291413181f4883f91aecdfe9e38ae1a
- Size
  
  56KB
- MD5
  
  957bf145eb17dd1e80ffabfe9578de02
- SHA1
  
  ab657c6b586d17dec42482660bfcf06b3e546ae1
- SHA256
  
  2d54d23157e549d56edfa497620df75e4291413181f4883f91aecdfe9e38ae1a
- SHA512
  
  4b1a5c2288d4c8b2b6c401ee27a2fe94d080e246ea28b81fc4a78a8b94c386398f1dc04eea4894567cba514069baaae5ab208784b39b2842fe1323b15d19abf2
- SSDEEP
  
  768:pWoCPLUiJVCeEvxIkFsIAto1F3+QTP1op/Bf84vcbTpadEVqzCl92+msLr:pWoM//re6Tton3+QTP1mBfI/okquPr
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2