gozi | 20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8 | Triage

Sharing

General

Target

JaffaCakes118_20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8
Size

528KB
Sample

241224-pjzzmaxkgt
MD5

358fba9474496761d003eca6a95bdfa4
SHA1

9c35357be80b8d7e58cf6b37a254eac8ec1cb4e3
SHA256

20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8
SHA512

f562e6101926600810a4355950fb10dc9ec104ad2c1859e1b67a33164bab5694a119ca39cf71c80fd9a2920e903ef16fae593c7a95edcce5e8fc0a6b40f1137f
SSDEEP

1536:CD4P8puuUN0eWpPNu7iZEf1IpK7GHFV9:CD4P8puuUN0egPNQi27k

Score

10^/10

gozi 3000 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246

Attributes

base_path
/drew/
build
260226
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8
- Size
  
  528KB
- MD5
  
  358fba9474496761d003eca6a95bdfa4
- SHA1
  
  9c35357be80b8d7e58cf6b37a254eac8ec1cb4e3
- SHA256
  
  20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8
- SHA512
  
  f562e6101926600810a4355950fb10dc9ec104ad2c1859e1b67a33164bab5694a119ca39cf71c80fd9a2920e903ef16fae593c7a95edcce5e8fc0a6b40f1137f
- SSDEEP
  
  1536:CD4P8puuUN0eWpPNu7iZEf1IpK7GHFV9:CD4P8puuUN0egPNQi27k
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2