gozi | 436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673 | Triage

Sharing

General

Target

436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
Size

448KB
Sample

221125-lsqwjagg83
MD5

dfb6048138b5aa9317e22515edb8908f
SHA1

2eeb014fc359874915afb93641068f0dd5c1748a
SHA256

436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
SHA512

3939d29f969e3332c4ee98341262ec79481dc43ca28c6140731aac8df931924d4de0bbceffdc253f38b80199ac00df143aaf0ad8fae167ca8f6502d84411bbd2
SSDEEP

6144:/KOtEtEtEtEtEtEtEtEtEtEt14xwmjSu0s:/1eeeeeeeeee14xwmx

Score

10^/10

gozi 86920233 banker cryptone packer rm3 trojan

Malware Config

Extracted

Family

gozi

Attributes

build
300869

Extracted

Family

gozi

Botnet

86920233

C2

https://babytoydeals.xyz

Attributes

build
300869
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
- Size
  
  448KB
- MD5
  
  dfb6048138b5aa9317e22515edb8908f
- SHA1
  
  2eeb014fc359874915afb93641068f0dd5c1748a
- SHA256
  
  436909a16f1202c328732c4dd6bc7b3ce8c49682f7c5151cd2851915b9154673
- SHA512
  
  3939d29f969e3332c4ee98341262ec79481dc43ca28c6140731aac8df931924d4de0bbceffdc253f38b80199ac00df143aaf0ad8fae167ca8f6502d84411bbd2
- SSDEEP
  
  6144:/KOtEtEtEtEtEtEtEtEtEtEt14xwmjSu0s:/1eeeeeeeeee14xwmx
Score

10^/10

gozi 86920233 banker rm3 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi86920233bankerrm3trojan

behavioral2

gozi86920233bankerrm3trojan