gozi | eb58d415cc6c7c0fb73f03677f70dcdfa77e50dcc51be8aa038f8c27248146ae | Triage

Sharing

General

Target

JaffaCakes118_eb58d415cc6c7c0fb73f03677f70dcdfa77e50dcc51be8aa038f8c27248146ae
Size

348KB
Sample

241225-c6fhaavphr
MD5

1c89b6abab4f04bef9babba7a1ecc2fd
SHA1

55043ca8f769f4985d1aebe4e298faab58c65079
SHA256

eb58d415cc6c7c0fb73f03677f70dcdfa77e50dcc51be8aa038f8c27248146ae
SHA512

a06e1dd6169e24d279f550eea8fa2e8ed60fef7fed18efd2d2edc8d69da7794aa8ec647c53d846236feef0bd17dbd4735355ad1b87711f8273beafe8a84bbb7f
SSDEEP

768:YzD+JD0NU3JFPvEzyikFsIAgLlKbOzJKxxJrMjriweVnSB4H37hyMnQVC:YzD+R0MHic6TMlKACxOJeV5H37hLnQ0

Score

10^/10

gozi 7630 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7630

C2

nahuinado.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_eb58d415cc6c7c0fb73f03677f70dcdfa77e50dcc51be8aa038f8c27248146ae
- Size
  
  348KB
- MD5
  
  1c89b6abab4f04bef9babba7a1ecc2fd
- SHA1
  
  55043ca8f769f4985d1aebe4e298faab58c65079
- SHA256
  
  eb58d415cc6c7c0fb73f03677f70dcdfa77e50dcc51be8aa038f8c27248146ae
- SHA512
  
  a06e1dd6169e24d279f550eea8fa2e8ed60fef7fed18efd2d2edc8d69da7794aa8ec647c53d846236feef0bd17dbd4735355ad1b87711f8273beafe8a84bbb7f
- SSDEEP
  
  768:YzD+JD0NU3JFPvEzyikFsIAgLlKbOzJKxxJrMjriweVnSB4H37hyMnQVC:YzD+R0MHic6TMlKACxOJeV5H37hLnQ0
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2