gozi | 7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa | Triage

Sharing

General

Target

7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa
Size

318KB
Sample

221126-pbwx1acc75
MD5

46942efbb2747e803d2932fc79cf0a25
SHA1

f6587858ec53242f603d4f61e9f61705ad9f226e
SHA256

7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa
SHA512

fe3e9eaae8a4b7f9d524fde2f947157dff4307601358d612e8e3be5f18997db14569825cb52c4b2b3299f4567cc905ab1c58978b266903722e687f04cf1c7f8b
SSDEEP

6144:H9NX1icUq9uT3LngX1O28KS4xQ0ys8DP1LR1DLO9k80PCpCos8IGH14jlCqZgc:dNX1pUbLC1ZTS4xgnNDL3apC78IG8lCe

Score

10^/10

gozi 1001 banker isfb persistence ransomware trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

redwoodmotors.ru

pampers-globalworld.ru

pinkfloyd-mp3love.ru

sosandhelpconnect.ru

Attributes

build
213425
exe_type
worker

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa
- Size
  
  318KB
- MD5
  
  46942efbb2747e803d2932fc79cf0a25
- SHA1
  
  f6587858ec53242f603d4f61e9f61705ad9f226e
- SHA256
  
  7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa
- SHA512
  
  fe3e9eaae8a4b7f9d524fde2f947157dff4307601358d612e8e3be5f18997db14569825cb52c4b2b3299f4567cc905ab1c58978b266903722e687f04cf1c7f8b
- SSDEEP
  
  6144:H9NX1icUq9uT3LngX1O28KS4xQ0ys8DP1LR1DLO9k80PCpCos8IGH14jlCqZgc:dNX1pUbLC1ZTS4xgnNDL3apC78IG8lCe
Score

10^/10

gozi 1001 banker isfb persistence ransomware trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

gozi1001bankerisfbpersistenceransomwaretrojan

behavioral2