gozi | eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57 | Triage

Resubmissions

27-10-2022 16:05

221027-tjtvtscger 10

24-10-2022 00:25

221024-aqx2aadegr 1

24-10-2022 00:25

221024-aqxqhsdec2 1

24-10-2022 00:24

221024-aqcqcadeb7 1

13-08-2022 01:18

220813-bn1j3abhdl 1

Sharing

General

Target

eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57
Size

437KB
Sample

221027-tjtvtscger
MD5

360417f75090c962adb8021dbb478f67
SHA1

5cd71ee15351c08ff35785774cc18dcaeca871c9
SHA256

eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57
SHA512

62088b203fe1eb61afbded8d64c0c00c682d421f73cbc688122c4e81a95924a648632c40ebf734d8693d5373c89bdbcf33ced5df115616dd96341414b4247390
SSDEEP

12288:MNQGRYLUC/k+JwgIMinOCCdF4F9Bn/TomHe:MNQGRQUC/ZwMO1IFq9BnU

Score

10^/10

gozi 202206061 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://daydayvin.xyz

https://gigiman.xyz

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57
- Size
  
  437KB
- MD5
  
  360417f75090c962adb8021dbb478f67
- SHA1
  
  5cd71ee15351c08ff35785774cc18dcaeca871c9
- SHA256
  
  eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57
- SHA512
  
  62088b203fe1eb61afbded8d64c0c00c682d421f73cbc688122c4e81a95924a648632c40ebf734d8693d5373c89bdbcf33ced5df115616dd96341414b4247390
- SSDEEP
  
  12288:MNQGRYLUC/k+JwgIMinOCCdF4F9Bn/TomHe:MNQGRQUC/ZwMO1IFq9BnU
Score

10^/10

gozi 202206061 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi202206061bankerldr4trojan

behavioral2

gozi202206061bankerldr4trojan