gozi | 9e5c04e473418dc89e791346a293037f9f0c7462ba652286f5ffb34df98a00e9 | Triage

Sharing

General

Target

JaffaCakes118_9e5c04e473418dc89e791346a293037f9f0c7462ba652286f5ffb34df98a00e9
Size

340KB
Sample

241224-xnj3zavkdj
MD5

73f78e523dc7b85796cfa7cfbfb7e612
SHA1

cf3e1f4b7a565e9049afe16f09e02e35f4a5fc9f
SHA256

9e5c04e473418dc89e791346a293037f9f0c7462ba652286f5ffb34df98a00e9
SHA512

d1ba66756e6d46bb29ad4d512fc67e5e467254ceb6e2410a10545d1014ec2d9786ef39cd5d67d248f6b3e24b9729850fb5166454eb02ce2c4f696926a15e8138
SSDEEP

768:67+IGQ9UPJlwvMoyIeb8EvnVBosnO1T2VOYcV0HRoJvv5:67+ykn8zeblt6T2VOcihv

Score

10^/10

gozi 7629 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7629

C2

jointoblog.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_9e5c04e473418dc89e791346a293037f9f0c7462ba652286f5ffb34df98a00e9
- Size
  
  340KB
- MD5
  
  73f78e523dc7b85796cfa7cfbfb7e612
- SHA1
  
  cf3e1f4b7a565e9049afe16f09e02e35f4a5fc9f
- SHA256
  
  9e5c04e473418dc89e791346a293037f9f0c7462ba652286f5ffb34df98a00e9
- SHA512
  
  d1ba66756e6d46bb29ad4d512fc67e5e467254ceb6e2410a10545d1014ec2d9786ef39cd5d67d248f6b3e24b9729850fb5166454eb02ce2c4f696926a15e8138
- SSDEEP
  
  768:67+IGQ9UPJlwvMoyIeb8EvnVBosnO1T2VOYcV0HRoJvv5:67+ykn8zeblt6T2VOcihv
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2