gozi | 46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20 | Triage

Sharing

General

Target

JaffaCakes118_46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20
Size

528KB
Sample

241223-rd11va1qbz
MD5

535aa4829807f334644c0c004b915317
SHA1

39613fb1c266a68c3c6c8919b1790b11e81f3e25
SHA256

46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20
SHA512

64696f7aa7f5e33dcabd664e2f3e68c63b93013c0dd76a1c5d46560e9f7b4e4ab48400dc071da24adfb72f3fc4aac045e87390e7d2799b2fcbb72d7568cdc9fe
SSDEEP

1536:qzA3IdWuuUN0eWpPNu7iZEf1IpK7GHFV9:qzA3IdWuuUN0egPNQi27k

Score

10^/10

gozi 3000 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246

Attributes

base_path
/drew/
build
260226
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20
- Size
  
  528KB
- MD5
  
  535aa4829807f334644c0c004b915317
- SHA1
  
  39613fb1c266a68c3c6c8919b1790b11e81f3e25
- SHA256
  
  46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20
- SHA512
  
  64696f7aa7f5e33dcabd664e2f3e68c63b93013c0dd76a1c5d46560e9f7b4e4ab48400dc071da24adfb72f3fc4aac045e87390e7d2799b2fcbb72d7568cdc9fe
- SSDEEP
  
  1536:qzA3IdWuuUN0eWpPNu7iZEf1IpK7GHFV9:qzA3IdWuuUN0egPNQi27k
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2