gozi | 74b57e264dd84cbb7c4e1a7eb8a8dbdb932f01ac34e48e2e6d41ab82f05c682f | Triage

Resubmissions

27-10-2022 16:06

221027-tj656acfg7 10

25-08-2022 16:02

220825-tg4bgsgbe7 1

Sharing

General

Target

test2.dll
Size

417KB
Sample

221027-tj656acfg7
MD5

bea60bab50d47f239132890a343ae84c
SHA1

370ebd02e9284576d28ed8a114b767a2bd0d14fd
SHA256

74b57e264dd84cbb7c4e1a7eb8a8dbdb932f01ac34e48e2e6d41ab82f05c682f
SHA512

6b67946fa066139caafc6bac1bbdcf8c0e2d067194dca06cf93a54f6d6ad3f2620e1f27adf06e510f5dbeda0660576a3914164b1213a441da27af36267ed082a
SSDEEP

6144:BkakVZKK4DiSqU2fEIj45A1Wkn6KLm1fEdkAdpqAeOhU1PQZukC3j+CH0sAW:XkXUCLcIj4S15RSJEdBdpYKUtQZu5zb

Score

10^/10

gozi 202208151 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

202208151

C2

https://logotep.xyz

https://vavilgo.xyz

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  test2.dll
- Size
  
  417KB
- MD5
  
  bea60bab50d47f239132890a343ae84c
- SHA1
  
  370ebd02e9284576d28ed8a114b767a2bd0d14fd
- SHA256
  
  74b57e264dd84cbb7c4e1a7eb8a8dbdb932f01ac34e48e2e6d41ab82f05c682f
- SHA512
  
  6b67946fa066139caafc6bac1bbdcf8c0e2d067194dca06cf93a54f6d6ad3f2620e1f27adf06e510f5dbeda0660576a3914164b1213a441da27af36267ed082a
- SSDEEP
  
  6144:BkakVZKK4DiSqU2fEIj45A1Wkn6KLm1fEdkAdpqAeOhU1PQZukC3j+CH0sAW:XkXUCLcIj4S15RSJEdBdpYKUtQZu5zb
Score

10^/10

gozi 202208151 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi202208151bankerldr4trojan

behavioral2

gozi202208151bankerldr4trojan