gozi | 540aec5bbc87fba7a6c21894ea4999d04b490f64abd5cdf53896735501735532 | Triage

Sharing

General

Target

JaffaCakes118_540aec5bbc87fba7a6c21894ea4999d04b490f64abd5cdf53896735501735532
Size

38KB
Sample

241224-2t9ysszlaz
MD5

18b8cb4d69ec7c30269b0c8e6b587eb2
SHA1

14db963b30717fa09cb7ebc39a0cc5cda1a7b391
SHA256

540aec5bbc87fba7a6c21894ea4999d04b490f64abd5cdf53896735501735532
SHA512

44ceec451f7a5e0ff5e76e0c6ecd8a66bc0b65f0e9f8e35f2a5ca5162f96335363cd023246747e465349368a07288dc03d30042d1155206a7f4fcb068d77c8e3
SSDEEP

768:PnokLrDvjpBcQs5nhBoGFwfrs9BmGDXI4bFouio6:rLbjHizsiLI4WuB

Score

10^/10

gozi 1500 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_540aec5bbc87fba7a6c21894ea4999d04b490f64abd5cdf53896735501735532
- Size
  
  38KB
- MD5
  
  18b8cb4d69ec7c30269b0c8e6b587eb2
- SHA1
  
  14db963b30717fa09cb7ebc39a0cc5cda1a7b391
- SHA256
  
  540aec5bbc87fba7a6c21894ea4999d04b490f64abd5cdf53896735501735532
- SHA512
  
  44ceec451f7a5e0ff5e76e0c6ecd8a66bc0b65f0e9f8e35f2a5ca5162f96335363cd023246747e465349368a07288dc03d30042d1155206a7f4fcb068d77c8e3
- SSDEEP
  
  768:PnokLrDvjpBcQs5nhBoGFwfrs9BmGDXI4bFouio6:rLbjHizsiLI4WuB
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2