gozi | c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac

General

Target

JaffaCakes118_c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac
Size

538KB
Sample

241225-cp76zatrhv
MD5

66eb9a55782af246240d338f3f347a24
SHA1

9a6b2c9e57086a9e56ac3c610cf63c917088808b
SHA256

c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac
SHA512

961cd2260329e6b2f12d70597a8b0c1bd31878f219c5611b7f5c3a9c58524b9c8916cd8ad8b12f2bec1157da9331d404c840fe289c0337b6cd19aa545abc3baa
SSDEEP

1536:W7UcWwDMbboCQc1s4f2qlalXWEj9N75mCFE:faMXoCns4f2qlalVxN75pFE

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

7555

C2

c.s-microsoft.com

ajax.googleapis.com

greatewallfirewall.xyz

185.186.244.130

booloolo2.com

37.120.222.107

Attributes

base_path
/postfix/
build
251173
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
extension
.yml
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  JaffaCakes118_c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac
- Size
  
  538KB
- MD5
  
  66eb9a55782af246240d338f3f347a24
- SHA1
  
  9a6b2c9e57086a9e56ac3c610cf63c917088808b
- SHA256
  
  c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac
- SHA512
  
  961cd2260329e6b2f12d70597a8b0c1bd31878f219c5611b7f5c3a9c58524b9c8916cd8ad8b12f2bec1157da9331d404c840fe289c0337b6cd19aa545abc3baa
- SSDEEP
  
  1536:W7UcWwDMbboCQc1s4f2qlalXWEj9N75mCFE:faMXoCns4f2qlalVxN75pFE
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2