gozi | c42814a84c6b4a171c9a5b2fef5b2b883c7d25bb1ea4d14c7aa47dcfb3d58a61 | Triage

Sharing

General

Target

JaffaCakes118_c42814a84c6b4a171c9a5b2fef5b2b883c7d25bb1ea4d14c7aa47dcfb3d58a61
Size

39.1MB
Sample

241223-3rkfssvpfv
MD5

1712cb881df4cb9e2af978b72f837db0
SHA1

f20c8962e28c941074127e26190a38f40b9cdcf4
SHA256

c42814a84c6b4a171c9a5b2fef5b2b883c7d25bb1ea4d14c7aa47dcfb3d58a61
SHA512

aade1d3c6e2669371a843e5626f06f3cbecfbed0170e3a7dd29daf097b4ad4309a7abaad32dd7eafe134937e143353e0ce149f556d1ccc9f6b1291fc744d0b4a
SSDEEP

6144:Im+cXqqpi9hY6RlQ0Huoq5c4j+ysAf9F:B+cDi9hYsJHuoqKzHk

Score

10^/10

gozi 7620 isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7620

C2

statilink.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_c42814a84c6b4a171c9a5b2fef5b2b883c7d25bb1ea4d14c7aa47dcfb3d58a61
- Size
  
  39.1MB
- MD5
  
  1712cb881df4cb9e2af978b72f837db0
- SHA1
  
  f20c8962e28c941074127e26190a38f40b9cdcf4
- SHA256
  
  c42814a84c6b4a171c9a5b2fef5b2b883c7d25bb1ea4d14c7aa47dcfb3d58a61
- SHA512
  
  aade1d3c6e2669371a843e5626f06f3cbecfbed0170e3a7dd29daf097b4ad4309a7abaad32dd7eafe134937e143353e0ce149f556d1ccc9f6b1291fc744d0b4a
- SSDEEP
  
  6144:Im+cXqqpi9hY6RlQ0Huoq5c4j+ysAf9F:B+cDi9hYsJHuoqKzHk
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2