gozi | 931926d146b09f1de8cb2da7f0eaf36b52514679eb69eb859f8b01533fb18c17 | Triage

Sharing

General

Target

JaffaCakes118_931926d146b09f1de8cb2da7f0eaf36b52514679eb69eb859f8b01533fb18c17
Size

43KB
Sample

241223-q57f9s1nav
MD5

a5bde37a6686a3165d1c72a58f3ebc6f
SHA1

e6aff7ee6736bfc0a3448c8be148d55e05f57923
SHA256

931926d146b09f1de8cb2da7f0eaf36b52514679eb69eb859f8b01533fb18c17
SHA512

d057a3bc9ee5fb7f6da87bda4d995c8beedadf8828cc4c08caca3a3711e0e402b4b33b5e04953d57cb9231952582fa92478dde351f6db985037bcc336f61428e
SSDEEP

768:ZRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAk:BKa9JI/bI7YOZcJb2pQOJH67ENcrb

Score

10^/10

gozi 7630 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

7630

C2

nahuinado.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_931926d146b09f1de8cb2da7f0eaf36b52514679eb69eb859f8b01533fb18c17
- Size
  
  43KB
- MD5
  
  a5bde37a6686a3165d1c72a58f3ebc6f
- SHA1
  
  e6aff7ee6736bfc0a3448c8be148d55e05f57923
- SHA256
  
  931926d146b09f1de8cb2da7f0eaf36b52514679eb69eb859f8b01533fb18c17
- SHA512
  
  d057a3bc9ee5fb7f6da87bda4d995c8beedadf8828cc4c08caca3a3711e0e402b4b33b5e04953d57cb9231952582fa92478dde351f6db985037bcc336f61428e
- SSDEEP
  
  768:ZRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAk:BKa9JI/bI7YOZcJb2pQOJH67ENcrb
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2