gozi | 47fe024db0727c36ee50c5543741fc154fd06d647b755324e38d0b53bec3321b | Triage

Sharing

General

Target

47fe024db0727c36ee50c5543741fc154fd06d647b755324e38d0b53bec3321b
Size

288KB
Sample

221130-w7pl5agh21
MD5

547ae4e5c26ce9ba0a922419cccf92f6
SHA1

fe8800b35d481776db223073882227d8c2f80cc8
SHA256

47fe024db0727c36ee50c5543741fc154fd06d647b755324e38d0b53bec3321b
SHA512

652dea3d7c1343375649e4e2b95b39d6fe64a5469faaa7e948ac8fa1ec6e3fb4e172bac7a8a08bb02d241f25ac54fbf7a605a97338fc5ee09c5948888d4f7a6e
SSDEEP

6144:W3rFvVtZVA0IWgNMharozdqdAP/qf1xtnX727AAlUGf:6FtXVNyNQaro4E/yx9/Alf

Score

10^/10

gozi 3300 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3300

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  47fe024db0727c36ee50c5543741fc154fd06d647b755324e38d0b53bec3321b
- Size
  
  288KB
- MD5
  
  547ae4e5c26ce9ba0a922419cccf92f6
- SHA1
  
  fe8800b35d481776db223073882227d8c2f80cc8
- SHA256
  
  47fe024db0727c36ee50c5543741fc154fd06d647b755324e38d0b53bec3321b
- SHA512
  
  652dea3d7c1343375649e4e2b95b39d6fe64a5469faaa7e948ac8fa1ec6e3fb4e172bac7a8a08bb02d241f25ac54fbf7a605a97338fc5ee09c5948888d4f7a6e
- SSDEEP
  
  6144:W3rFvVtZVA0IWgNMharozdqdAP/qf1xtnX727AAlUGf:6FtXVNyNQaro4E/yx9/Alf
Score

10^/10

gozi 3300 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi3300bankerisfbtrojan

behavioral2

gozi3300bankerisfbtrojan