gozi | fa13e39768fdfb72af2fe96aed08adb191b925de09013702e364909e29167a30

General

Target

JaffaCakes118_fa13e39768fdfb72af2fe96aed08adb191b925de09013702e364909e29167a30
Size

174KB
Sample

241223-qp3hda1jes
MD5

1f683d3624c3f5144c14a2108d29f982
SHA1

7c2d1e61481d122cc7f48535c79832fd961fd27f
SHA256

fa13e39768fdfb72af2fe96aed08adb191b925de09013702e364909e29167a30
SHA512

d633e2f543326a46f23e905a757f83a69f0d855e0139b6d28f013440fd4e8339346f49fb6befc775a9ecc391423b1b10c053e6407f5964ff4faa0ca36306ba19
SSDEEP

3072:lI71dnLPQppM/B/W/POXMb2qlalj/FYAe/j7Ajis5t8ZS7UeaOsNsRgC7cP2favu:YVPqMY/POX3qlalpYAUQeW8feasRdc2B

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

4483

C2

lycos.com

mail.yahoo.com

37.120.222.107

185.186.247.91

185.186.245.171

dumokurenu.xyz

fumokurenu.xyz

lumokurenu.xyz

Attributes

base_path
/images/
build
250211
dga_season
10
dga_tlds
com

ru

org
exe_type
worker
extension
.avi
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  JaffaCakes118_fa13e39768fdfb72af2fe96aed08adb191b925de09013702e364909e29167a30
- Size
  
  174KB
- MD5
  
  1f683d3624c3f5144c14a2108d29f982
- SHA1
  
  7c2d1e61481d122cc7f48535c79832fd961fd27f
- SHA256
  
  fa13e39768fdfb72af2fe96aed08adb191b925de09013702e364909e29167a30
- SHA512
  
  d633e2f543326a46f23e905a757f83a69f0d855e0139b6d28f013440fd4e8339346f49fb6befc775a9ecc391423b1b10c053e6407f5964ff4faa0ca36306ba19
- SSDEEP
  
  3072:lI71dnLPQppM/B/W/POXMb2qlalj/FYAe/j7Ajis5t8ZS7UeaOsNsRgC7cP2favu:YVPqMY/POX3qlalpYAUQeW8feasRdc2B
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2