gozi | e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2 | Triage

Sharing

General

Target

JaffaCakes118_e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2
Size

43KB
Sample

241223-yrcczazkdy
MD5

21e836bd521081f8b97c3e5a31822afe
SHA1

fec35c2a1f2d362356573b25f0dd4a50c7be842e
SHA256

e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2
SHA512

c27856e4c417ff414c9365d68276a6678449886ac95bb99051fe61024fe2493c01cdd40789e89a0d047d18419db6fcd8085b7876cff3dbc8cd54f4623a6b3977
SSDEEP

768:qRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAkz:SKa9JI/bI7YOZcJb2pQOJH67ENcrbz

Score

10^/10

gozi 7613 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

7613

C2

interlines.top

interlines.space

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2
- Size
  
  43KB
- MD5
  
  21e836bd521081f8b97c3e5a31822afe
- SHA1
  
  fec35c2a1f2d362356573b25f0dd4a50c7be842e
- SHA256
  
  e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2
- SHA512
  
  c27856e4c417ff414c9365d68276a6678449886ac95bb99051fe61024fe2493c01cdd40789e89a0d047d18419db6fcd8085b7876cff3dbc8cd54f4623a6b3977
- SSDEEP
  
  768:qRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAkz:SKa9JI/bI7YOZcJb2pQOJH67ENcrbz
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2