gozi | d3b47982dc74bc3984e515dcad6787014924f1e941b3ef71b7a83c39742a0979 | Triage

Sharing

General

Target

JaffaCakes118_d3b47982dc74bc3984e515dcad6787014924f1e941b3ef71b7a83c39742a0979
Size

38KB
Sample

241225-cx7v6svlav
MD5

a7228c0eb847cd8f0cc03a75d20b3a03
SHA1

1f1b1e0556f50c7241a3faeb1c2ca32cb4c9ec74
SHA256

d3b47982dc74bc3984e515dcad6787014924f1e941b3ef71b7a83c39742a0979
SHA512

6f82f50c60ea2916a9b4cb201ceb9029298f8e03ad3223ddd388c4697c9c2e0750d4ff4f91ebf8f9d98c71059c639a96f11677faffed19a052b793b220dd1d42
SSDEEP

768:FrKB00gb5/EzMAogX6OP4jk5CzWh7g/zGOjUI1cLB7EGhy3tCgn5zUM:Vn0gb5/4MALrdQzQ7g/zBV1KqdtC25zL

Score

10^/10

gozi 4463 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4463

C2

1.microsoft.com

silugerude.xyz

vilugerude.xyz

Attributes

base_path
/palok/
build
250193
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
extension
.trb
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  35bef39478577d735b1c8104f5800e95d73487284c89b281283e4c117688bd92.dll
- Size
  
  43KB
- MD5
  
  434b3d419af30403f6679f0578e9ed44
- SHA1
  
  089b875bca3e06156cdf0166896b2f1a9f64de58
- SHA256
  
  35bef39478577d735b1c8104f5800e95d73487284c89b281283e4c117688bd92
- SHA512
  
  5813f0b03db301595e533f65d0293b0488c5c27192b70f42f6f115e104eac63276571e1ceb7e2ae0214dc4f5aca2312fa03b8218c79de1045fc1661687b0f665
- SSDEEP
  
  768:LB8/jsvvTTnDDHB6N1XRMPWDY1cszRpC1EYQP8zMxNX1qy/MI4kJP2E4Ws4xKOpC:L6/jCDh6N1XYWDwzWxQkzMz1qUM3inaT
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2