Overview

overview

10

Static

static

10

main.exe

windows7-x64

10

main.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    main.exe

  • Size

    37KB

  • Sample

    221116-bgm1dsce6y

  • MD5

    9676298f24c8cdd4b532ac027a00f60e

  • SHA1

    8d0bd57712533f1a889627706925c17ed4347ce5

  • SHA256

    0f5cce66023859e9d7e3f54b78e95bf09618db5ed01fe05b765d76ab156271da

  • SHA512

    525b70896530a60cf58de64e8052ef2a8eb5ccc73d86fcd1f55d4850e682e3ff44c7ebc18ab029fc479b75a9a0083765c314c542b356d7ef8a7e7e493f13e7fd

  • SSDEEP

    768:/QLm41fM01vAqyRrlpItKFyr8MS1g7/s1w70anLq:/L41fMSvXArbYVrO0/saLq

Score
10/10
gozi5bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5

C2

lentaphoto.at

iujdhsndjfks.ru

gameindikdowd.ru

jhgfdlkjhaoiu.su
Attributes
  • base_path

    /uploaded/

  • build

    250246

  • exe_type

    loader

  • extension

    .pct

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Botnet

5

C2

lentaphoto.at

iujdhsndjfks.ru

gameindikdowd.ru

jhgfdlkjhaoiu.su
Attributes
  • base_path

    /uploaded/

  • build

    250246

  • exe_type

    worker

  • extension

    .pct

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      main.exe

    • Size

      37KB

    • MD5

      9676298f24c8cdd4b532ac027a00f60e

    • SHA1

      8d0bd57712533f1a889627706925c17ed4347ce5

    • SHA256

      0f5cce66023859e9d7e3f54b78e95bf09618db5ed01fe05b765d76ab156271da

    • SHA512

      525b70896530a60cf58de64e8052ef2a8eb5ccc73d86fcd1f55d4850e682e3ff44c7ebc18ab029fc479b75a9a0083765c314c542b356d7ef8a7e7e493f13e7fd

    • SSDEEP

      768:/QLm41fM01vAqyRrlpItKFyr8MS1g7/s1w70anLq:/L41fMSvXArbYVrO0/saLq

    Score
    10/10
    gozi5bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks