gozi | 61a58891888cd646a9da7b6474c58a1ac7e696ef15fd6b9d1908dd2d3f702761 | Triage

Sharing

General

Target

JaffaCakes118_61a58891888cd646a9da7b6474c58a1ac7e696ef15fd6b9d1908dd2d3f702761
Size

528KB
Sample

241223-q66ala1paq
MD5

4dfcd3cdf671d49de4d1a339f1932093
SHA1

2bea6171ab87844a714b5aa88d760231efca6857
SHA256

61a58891888cd646a9da7b6474c58a1ac7e696ef15fd6b9d1908dd2d3f702761
SHA512

5a064b10fb36cf81bf3d33a8e0bb385d8573ce02fd7a875b7f1b21102d07ff4c9570e735c0eacf0c5c2db3f83bb4dc6b31574c176c77cd1e4e24d8a80e68173c
SSDEEP

1536:ftplYiyD1uuUN0eWpPNu7iZEf1IpK7GHFV9:ftplYz1uuUN0egPNQi27k

Score

10^/10

gozi 3000 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246

Attributes

base_path
/drew/
build
260226
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_61a58891888cd646a9da7b6474c58a1ac7e696ef15fd6b9d1908dd2d3f702761
- Size
  
  528KB
- MD5
  
  4dfcd3cdf671d49de4d1a339f1932093
- SHA1
  
  2bea6171ab87844a714b5aa88d760231efca6857
- SHA256
  
  61a58891888cd646a9da7b6474c58a1ac7e696ef15fd6b9d1908dd2d3f702761
- SHA512
  
  5a064b10fb36cf81bf3d33a8e0bb385d8573ce02fd7a875b7f1b21102d07ff4c9570e735c0eacf0c5c2db3f83bb4dc6b31574c176c77cd1e4e24d8a80e68173c
- SSDEEP
  
  1536:ftplYiyD1uuUN0eWpPNu7iZEf1IpK7GHFV9:ftplYz1uuUN0egPNQi27k
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2