gozi | 846a8058cda54207aebb885f99dab0eab57529eb8dd94a3d57bbde2e93c4aad4 | Triage

Sharing

General

Target

c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.exe
Size

526KB
Sample

221124-lq3gjsef87
MD5

590d96a7be55240ad868ebec78ce38f2
SHA1

2aaf8acb010dfe83b808d7cc77f6821aaf44f3d2
SHA256

846a8058cda54207aebb885f99dab0eab57529eb8dd94a3d57bbde2e93c4aad4
SHA512

9360564b79909f934db9120315d981d3b2bf5e1f853baa0145d7ff9b0ac375d452d11d86f90dfe5547fdbd8f4f04a8f4fd2f73c50eab2df7bddb8207194d126a
SSDEEP

6144:al+x6f16rj6MrQeQap0+TMPRxWer+YeZczE72q1i6qs6Yfs:a4416SCpXMPjWce+Eqq1i6qdas

Score

10^/10

gozi 202208151 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

202208151

C2

https://higmon.cyou

https://prises.cyou

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.exe
- Size
  
  526KB
- MD5
  
  590d96a7be55240ad868ebec78ce38f2
- SHA1
  
  2aaf8acb010dfe83b808d7cc77f6821aaf44f3d2
- SHA256
  
  846a8058cda54207aebb885f99dab0eab57529eb8dd94a3d57bbde2e93c4aad4
- SHA512
  
  9360564b79909f934db9120315d981d3b2bf5e1f853baa0145d7ff9b0ac375d452d11d86f90dfe5547fdbd8f4f04a8f4fd2f73c50eab2df7bddb8207194d126a
- SSDEEP
  
  6144:al+x6f16rj6MrQeQap0+TMPRxWer+YeZczE72q1i6qs6Yfs:a4416SCpXMPjWce+Eqq1i6qdas
Score

10^/10

gozi 202208151 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi202208151bankerldr4trojan

behavioral2

gozi202208151bankerldr4trojan