gozi | f971cf936c95557d9829293f02f284a910158674272597a51e3776041b30824d | Triage

Sharing

General

Target

JaffaCakes118_f971cf936c95557d9829293f02f284a910158674272597a51e3776041b30824d
Size

56KB
Sample

241223-t4qnxavmhp
MD5

0409f85160219c7a2188c8748a1474e5
SHA1

d378c4a4e565eee8fb6c9dfec4e1d4ac758826cf
SHA256

f971cf936c95557d9829293f02f284a910158674272597a51e3776041b30824d
SHA512

39c5b8732317f86facc03debeae27ca6dc488bea057abcadc2422995bb99ecafefedc2745aa2d6546d721ee3946d58b76bed26025790be46a4fb4d64d1f73705
SSDEEP

768:D6OvoULiSqJAhQ/yowXpERGHuJE+Aam/QDs31+Uw:D6eLp+DKVXpdHam/os3QUw

Score

10^/10

gozi 6100 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

6100

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_f971cf936c95557d9829293f02f284a910158674272597a51e3776041b30824d
- Size
  
  56KB
- MD5
  
  0409f85160219c7a2188c8748a1474e5
- SHA1
  
  d378c4a4e565eee8fb6c9dfec4e1d4ac758826cf
- SHA256
  
  f971cf936c95557d9829293f02f284a910158674272597a51e3776041b30824d
- SHA512
  
  39c5b8732317f86facc03debeae27ca6dc488bea057abcadc2422995bb99ecafefedc2745aa2d6546d721ee3946d58b76bed26025790be46a4fb4d64d1f73705
- SSDEEP
  
  768:D6OvoULiSqJAhQ/yowXpERGHuJE+Aam/QDs31+Uw:D6eLp+DKVXpdHam/os3QUw
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2