Overview

overview

10

Static

static

10

bf297503bf...23.dll

windows7-x64

1

bf297503bf...23.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9251090fce3ce31a5ca8fbe6d40257859cd262494936379c3192c360b3f6500c.zip

  • Size

    134KB

  • Sample

    250326-xaldwasps4

  • MD5

    f9e75ba71e409d86e7400e2dca68afaf

  • SHA1

    56fc654aad7f987290175eb9da66f51ba3a64c76

  • SHA256

    9251090fce3ce31a5ca8fbe6d40257859cd262494936379c3192c360b3f6500c

  • SHA512

    357c6a25b77e3fd1131f2e50d677f18d9ae7307ed29bc769e517547c8bd9c6e4c4bae927fe84795485d474d17dc2a5ad73c10698cb1310902fa2232fc7358dc9

  • SSDEEP

    3072:Fn9c/kmXAbJicpdM7VjdRfhMFJ9VRnGatGWCGc3aMUccxCo:o/6VJpSVjbpUG0GWCGgagiCo

Score
10/10
gozi1100isfb

Malware Config

Extracted

Family

gozi

Botnet

1100

C2

app.crasa.at/api1

g4xp7aanksu6qgci.onion/api1

hop.feen007.at/api1

l35sr5h5jl7xrh2q.onion/api1

gm.amaroker.at/api1

frls.amarob.xyz/api1

6buzj3jmnvrak4lh.onion/api1

cd1.novand.at/api1

ram.unici.at/api1

wrt.foreklo.at/api1
Attributes
  • build

    250180

  • exe_type

    worker

  • server_id

    730

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      bf297503bf1a01bc698294d1d66c9e58512f557ff452996d2a06344de157b723.exe

    • Size

      248KB

    • MD5

      771a92dfaf7d43a0b4fef86d86391dc4

    • SHA1

      e39f04207306975f014afb41f726d2737f7e531d

    • SHA256

      bf297503bf1a01bc698294d1d66c9e58512f557ff452996d2a06344de157b723

    • SHA512

      94d5918778cb0ccbc522e59027adcba18f7399fb46ce0c5cd2c7efe6ecb97e75dc99d373c8108088d40b9539c60318497ffc6c3b2171f2ef33b26d3eca3c71b3

    • SSDEEP

      6144:upd7mNOWdt5SUTilzSyzMgeRenchFS1WwZvlH:updjWdayiVNzMgeRenGFS1W8H

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks