gozi | 07bbcb57fa6cf024f676ac698f7c4b317ef351a088692a2ef6dfddb2866506cf | Triage

Sharing

General

Target

c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.zip
Size

570KB
Sample

221124-hqcz4sac9w
MD5

0a7e072d7f5fec9117267c8478adb58b
SHA1

482117f67b5e4e291e073daced91715ec483ed0c
SHA256

07bbcb57fa6cf024f676ac698f7c4b317ef351a088692a2ef6dfddb2866506cf
SHA512

66edbe751d8659047a11e3d0738ab2d5fc263fecb4f1963b00e9bbede13e304c5c40fd3fc2285d5c874cd33ef4e2cee80f60824fb559b14dfeb918b42a4422ac
SSDEEP

6144:LzVuUsZyavSvYrjd4JyiI6/3suE6xeiVg:LY79vSvWpiI6vsiu

Score

10^/10

gozi 202208151 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

202208151

C2

https://higmon.cyou

https://prises.cyou

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd
- Size
  
  334.3MB
- MD5
  
  baa784967fd0558715f4011a72eb872e
- SHA1
  
  fe0e47ef91a11743eb0f5bfa4b88670a0bedf27c
- SHA256
  
  c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd
- SHA512
  
  7e2c6c1162762fc43106fa7e34eeb15ff46a2a1a9b622e73ba9c187ae34ecbc3f48ff45582d047bf96bf6fec6ac2cf407bba8300913fb84beee9a6fef0f792f3
- SSDEEP
  
  6144:al+x6f16rj6MrQeQap0+TMPRxWer+YeZczE72q1i6qs6Yfsf:a4416SCpXMPjWce+Eqq1i6qdasf
Score

10^/10

gozi 202208151 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi202208151bankerldr4trojan

behavioral2

gozi202208151bankerldr4trojan