Overview

overview

10

Static

static

x.dll

windows7-x64

10

x.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    x.zip

  • Size

    590KB

  • Sample

    221123-nzkzzadb7z

  • MD5

    2d91533c8413d94ae8ed49e31c81dace

  • SHA1

    f1f6ba4bf810e3e0e085f0438c5272d2461160ed

  • SHA256

    5bba1e1dffcf2e5c44afab574c6d6e10910c84d7bb27e5add8eec9a08750ab4d

  • SHA512

    a56da2138c5d5db31967b6d65366d61e985c88c60348ce6f8eb9c1101694c4e334e478e6ecfd37e8fd6f1278578492299e89305570ce863cea828fa40175927b

  • SSDEEP

    3072:ZyGsuFFZhpVUtzKRi0gnGka4Byjm2IEb6z3tRj7a4lW2dD/9n6upODcPom/npMBK:PXRVU92UGk5ylOvzlWwDVnxAD2plvz

Score
10/10
gozibankerldr4trojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      x.dll

    • Size

      334.3MB

    • MD5

      c6be1be2ca62aa076f51d2a00097a7c3

    • SHA1

      456d680c060c5c523302c02afe523c8f065f057c

    • SHA256

      db8015d34f04842bb81fca9d3c22724f38b69d85919117569b3bbade3d96cc63

    • SHA512

      82213aae9030025b64e3591de349a1522ac0a456b210a6aec7b3a73e9cc38ab9fb0ffbd15e6c1019dea738529dded5522ec04c348467a7d25e3e757e67a25bc3

    • SSDEEP

      49152:8TtALAAAAAAAAP7AAAAAAAAAAM3AAAAAAfACziallWAAAA6AAAAAAAAAAAqAAAAP:SACg9tmG4dpr

    Score
    10/10
    gozibankerldr4trojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks