gozi | 1dca2b5476755d8ab4c532734143cc36b4d6e6677c680fe8a2ef75fb16991c5a | Triage

Sharing

General

Target

1dca2b5476755d8ab4c532734143cc36b4d6e6677c680fe8a2ef75fb16991c5a
Size

224KB
Sample

221128-r8x8fafe5x
MD5

41c32f13099b45d1978ce7a7c4a8660e
SHA1

0965eaef20dafadd2fc95e107f826fc9e9d94fbe
SHA256

1dca2b5476755d8ab4c532734143cc36b4d6e6677c680fe8a2ef75fb16991c5a
SHA512

90372f75c55fc279a71ec17417341207e31afa9721c1ef864daa63e31cbc5ffd623b7746bb8cbaf2e8a6cb8a8dcb83e39503eefb6881c3decd33214ccd170f91
SSDEEP

6144:wD34rK1f1yB4us/oUAv+sOGqc6c52/xl1IiF5I6cY8E3E:e34rK1fs4uhUR5GqcyLZ5I6cYj3

Score

10^/10

gozi 1000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

C2

arloeiffg.com

deburma.com

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  1dca2b5476755d8ab4c532734143cc36b4d6e6677c680fe8a2ef75fb16991c5a
- Size
  
  224KB
- MD5
  
  41c32f13099b45d1978ce7a7c4a8660e
- SHA1
  
  0965eaef20dafadd2fc95e107f826fc9e9d94fbe
- SHA256
  
  1dca2b5476755d8ab4c532734143cc36b4d6e6677c680fe8a2ef75fb16991c5a
- SHA512
  
  90372f75c55fc279a71ec17417341207e31afa9721c1ef864daa63e31cbc5ffd623b7746bb8cbaf2e8a6cb8a8dcb83e39503eefb6881c3decd33214ccd170f91
- SSDEEP
  
  6144:wD34rK1f1yB4us/oUAv+sOGqc6c52/xl1IiF5I6cY8E3E:e34rK1fs4uhUR5GqcyLZ5I6cYj3
Score

10^/10

gozi 1000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1000bankerisfbtrojan

behavioral2

gozi1000bankerisfbtrojan