gozi | d2fc2e2b90b23c2a91e144fd8ac22668dd682f7d0145963615203d087c48aca4 | Triage

Resubmissions

27-10-2022 16:06

221027-tkf1cscfh2 10

05-07-2022 12:49

220705-p2ndjshchr 8

Sharing

General

Target

neve.zip
Size

556KB
Sample

221027-tkf1cscfh2
MD5

9f68d1a4b33e3ace6215040dc9fc73e8
SHA1

cfcbcbefd9967320a60c6890775930a0634f1341
SHA256

d2fc2e2b90b23c2a91e144fd8ac22668dd682f7d0145963615203d087c48aca4
SHA512

5b86c512d894e81c4f9533f3c9e642288256c9fbeaa175b2f3a78409616207c132898cf243bc9f55dc3f6db80e39e666373d301b6539bf2ab31353474f5b53c4
SSDEEP

12288:Nxz8UNfabvFrNIOSUBneHnYvbXb1teVcrS+guzo2I:N2io3IOSgeW7f0cW+gST

Score

10^/10

gozi 202206061 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://gigimas.xyz

https://reaso.xyz

Attributes

host_keep_time
60
host_shift_time
60
idle_time
20
request_time
10

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  neve.zip
- Size
  
  556KB
- MD5
  
  9f68d1a4b33e3ace6215040dc9fc73e8
- SHA1
  
  cfcbcbefd9967320a60c6890775930a0634f1341
- SHA256
  
  d2fc2e2b90b23c2a91e144fd8ac22668dd682f7d0145963615203d087c48aca4
- SHA512
  
  5b86c512d894e81c4f9533f3c9e642288256c9fbeaa175b2f3a78409616207c132898cf243bc9f55dc3f6db80e39e666373d301b6539bf2ab31353474f5b53c4
- SSDEEP
  
  12288:Nxz8UNfabvFrNIOSUBneHnYvbXb1teVcrS+guzo2I:N2io3IOSgeW7f0cW+gST
Score

10^/10

gozi 202206061 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi202206061bankerldr4trojan

behavioral2

gozi202206061bankerldr4trojan