gozi

General

Target

194f2d09cdff5abdf5f7107fbcbaab4ac63d60263724a5f05e6255a1ce2c8b03
Size

304KB
Sample

221128-qvgg4afg96
MD5

7d6d1334510a549282736d5ded6a2b46
SHA1

925bb61608e2adb50e12c759f399e4041f49446c
SHA256

194f2d09cdff5abdf5f7107fbcbaab4ac63d60263724a5f05e6255a1ce2c8b03
SHA512

61cc49350c8b1961c2375365b2d1839e7226a0746c650652ae52efa216a10d33fb8d0536412e66f110aa92d1949e1270c77f09f6a71ba3d6356c40d2624ba0aa
SSDEEP

6144:/+bYVWAD06Rzy1lPqDaSGjBzFlZzknaLhD8iOa7PPkG5iSq9E:2bYcAo6RAlPHSsFz4aL58ra7Px7

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

C2

dialerrorbodyorig.org

cserhtmlordi.net

srcubusrctimeouthtml.info

stimeoutbodytimeout.biz

ubuhtmlerrorsubuntudial.info

ditimbodytimeout.com

origsolerhterrorhtml.org

srcerdialtimeout.biz

origstimeoutsoltimeout.biz

timeoutstims.com

diersrcerhtmlerhtml.com

htmlorditimeoutsrc.com

bodycsrcubuntu.org

origbotimeout.net

comhtorboubu.info

timeoutsordierhtmlubuntu.net

ubuntusrccom.com

ubuntudiubuntubo.org

dialcomsrcorig.org

orhtmlcbodyerrorhtml.net

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  194f2d09cdff5abdf5f7107fbcbaab4ac63d60263724a5f05e6255a1ce2c8b03
- Size
  
  304KB
- MD5
  
  7d6d1334510a549282736d5ded6a2b46
- SHA1
  
  925bb61608e2adb50e12c759f399e4041f49446c
- SHA256
  
  194f2d09cdff5abdf5f7107fbcbaab4ac63d60263724a5f05e6255a1ce2c8b03
- SHA512
  
  61cc49350c8b1961c2375365b2d1839e7226a0746c650652ae52efa216a10d33fb8d0536412e66f110aa92d1949e1270c77f09f6a71ba3d6356c40d2624ba0aa
- SSDEEP
  
  6144:/+bYVWAD06Rzy1lPqDaSGjBzFlZzknaLhD8iOa7PPkG5iSq9E:2bYcAo6RAlPHSsFz4aL58ra7Px7
Score

10^/10

gozi 1000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2