gozi | e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd | Triage

Sharing

General

Target

JaffaCakes118_e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd
Size

636KB
Sample

241229-n6nz7s1lgw
MD5

d46c7c8f8aede95cb61aca120d0af77d
SHA1

4e3a91eef4c904dda7b5f2b75f3f5ae440e15885
SHA256

e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd
SHA512

3535e4b0a3dd25ba7fe3a0538f6804ec287e80d5b8fa1d98f57db6f441fb65e81e4d7e549b681deedf33caa008b024fdee1216514109694495514eda1563a4af
SSDEEP

768:qUSQB53kinvP/ycPr8mA0i2V0hhXhhjYko8FVgihBfULeY2:OQBNrX/vPrl6tYkhVVbULw

Score

10^/10

gozi 999 discovery isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd
- Size
  
  636KB
- MD5
  
  d46c7c8f8aede95cb61aca120d0af77d
- SHA1
  
  4e3a91eef4c904dda7b5f2b75f3f5ae440e15885
- SHA256
  
  e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd
- SHA512
  
  3535e4b0a3dd25ba7fe3a0538f6804ec287e80d5b8fa1d98f57db6f441fb65e81e4d7e549b681deedf33caa008b024fdee1216514109694495514eda1563a4af
- SSDEEP
  
  768:qUSQB53kinvP/ycPr8mA0i2V0hhXhhjYko8FVgihBfULeY2:OQBNrX/vPrl6tYkhVVbULw
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2