gozi | 23e003da7dd0d811755bc57e496f81e2b226698e3f4f9410f72d898c81720da4 | Triage

Sharing

General

Target

JaffaCakes118_23e003da7dd0d811755bc57e496f81e2b226698e3f4f9410f72d898c81720da4
Size

340KB
Sample

241224-svslgazqh1
MD5

5ed1d2a027a5754bcd88f5ea2919bc41
SHA1

12ead5ef7e9e2e26bfdae73aade9cfaa0559256a
SHA256

23e003da7dd0d811755bc57e496f81e2b226698e3f4f9410f72d898c81720da4
SHA512

40c137b0ad3e42bf56e648db4f449bf029856d75c57165c601536c513425c8a46578320cd1454e51e4a073bb56d0b479c71a836682c5ef457dcc9197efc2ddb3
SSDEEP

768:6r+BA9U/JFWyvcoyIeb8EvnVBosnO1T2VOYcV0HRoJvv5:6r+y0HWSzeblt6T2VOcihv

Score

10^/10

gozi 7629 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7629

C2

jointoblog.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_23e003da7dd0d811755bc57e496f81e2b226698e3f4f9410f72d898c81720da4
- Size
  
  340KB
- MD5
  
  5ed1d2a027a5754bcd88f5ea2919bc41
- SHA1
  
  12ead5ef7e9e2e26bfdae73aade9cfaa0559256a
- SHA256
  
  23e003da7dd0d811755bc57e496f81e2b226698e3f4f9410f72d898c81720da4
- SHA512
  
  40c137b0ad3e42bf56e648db4f449bf029856d75c57165c601536c513425c8a46578320cd1454e51e4a073bb56d0b479c71a836682c5ef457dcc9197efc2ddb3
- SSDEEP
  
  768:6r+BA9U/JFWyvcoyIeb8EvnVBosnO1T2VOYcV0HRoJvv5:6r+y0HWSzeblt6T2VOcihv
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2