gozi | 3352610c742bc85a12ad4d032fbd503f8a3d1d749433c9b9f2662925dae61a21 | Triage

Sharing

General

Target

ldr
Size

188KB
Sample

221125-kxvjvaac91
MD5

db8f4fe3a8636105927ca84928c92c3b
SHA1

f2ecbfeb58ab58d6e7f2d5a01e678cddd8ad57b0
SHA256

3352610c742bc85a12ad4d032fbd503f8a3d1d749433c9b9f2662925dae61a21
SHA512

69fb94a4d99b4a926241096ee1471486968a62e2ec3e6c9060aac3879eaef588f006b9a60a970da7598d8a3d52ffe9bc5406bf706dd586b3a88cde3356bd9449
SSDEEP

3072:lsj2ssx0dfbTAlLVm6a7FM5DF6/UkVm/lSRJGT5ZI+ZfL8:g2sELVmV76lmJGT5n1

Score

10^/10

gozi 202211252 banker rm3 trojan

Malware Config

Extracted

Family

gozi

Attributes

build
301027

Extracted

Family

gozi

Botnet

202211252

C2

https://unitpores.com

Attributes

build
301027
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.html

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  ldr
- Size
  
  188KB
- MD5
  
  db8f4fe3a8636105927ca84928c92c3b
- SHA1
  
  f2ecbfeb58ab58d6e7f2d5a01e678cddd8ad57b0
- SHA256
  
  3352610c742bc85a12ad4d032fbd503f8a3d1d749433c9b9f2662925dae61a21
- SHA512
  
  69fb94a4d99b4a926241096ee1471486968a62e2ec3e6c9060aac3879eaef588f006b9a60a970da7598d8a3d52ffe9bc5406bf706dd586b3a88cde3356bd9449
- SSDEEP
  
  3072:lsj2ssx0dfbTAlLVm6a7FM5DF6/UkVm/lSRJGT5ZI+ZfL8:g2sELVmV76lmJGT5n1
Score

10^/10

gozi 202211252 banker rm3 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi202211252bankerrm3trojan

behavioral2

gozi202211252bankerrm3trojan