gozi | 25099437b18ea0bf75fb90dbb88a5f855a82b575b9145b5acf4403c759725a1f | Triage

Sharing

General

Target

JaffaCakes118_25099437b18ea0bf75fb90dbb88a5f855a82b575b9145b5acf4403c759725a1f
Size

43KB
Sample

241224-bgwyasxnek
MD5

9a30b3d9a6136e6e62b6850ef0c2883f
SHA1

dd66e78b91ef31f896f34405b02c8aca8b00706b
SHA256

25099437b18ea0bf75fb90dbb88a5f855a82b575b9145b5acf4403c759725a1f
SHA512

e7b9018a90b9f96bd68be528d48c006ba1e4be17117168bdcc77ee16d18073be5621cebbc197e3b5c4407e26ff57e9606a282940dacfd3c5761d85bba04cc011
SSDEEP

768:WRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAk:2Ka9JI/bI7YOZcJb2pQOJH67ENcrb

Score

10^/10

gozi 7612 discovery isfb

Malware Config

Extracted

Family

gozi

Botnet

7612

C2

securezzalink.top

securezzalink.space

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_25099437b18ea0bf75fb90dbb88a5f855a82b575b9145b5acf4403c759725a1f
- Size
  
  43KB
- MD5
  
  9a30b3d9a6136e6e62b6850ef0c2883f
- SHA1
  
  dd66e78b91ef31f896f34405b02c8aca8b00706b
- SHA256
  
  25099437b18ea0bf75fb90dbb88a5f855a82b575b9145b5acf4403c759725a1f
- SHA512
  
  e7b9018a90b9f96bd68be528d48c006ba1e4be17117168bdcc77ee16d18073be5621cebbc197e3b5c4407e26ff57e9606a282940dacfd3c5761d85bba04cc011
- SSDEEP
  
  768:WRtKa9J343PPTIKyA+vgOZVGdX6Ib2HJQOJPP67g4gjpeprAk:2Ka9JI/bI7YOZcJb2pQOJH67ENcrb
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2