gozi | 0559f6d5368616d2df910fdb694d5fb20abdd211e6579881dcf3a025f5ea1461 | Triage

Sharing

General

Target

8576845098.zip
Size

234KB
Sample

221213-18fg3aag9s
MD5

cdf8c39515a51ad1ac42df602b0022d1
SHA1

8d7903bb9c0aa8f3fb4c9b6235e8590071ca1a4c
SHA256

0559f6d5368616d2df910fdb694d5fb20abdd211e6579881dcf3a025f5ea1461
SHA512

367fca58f3830bd7baa3ad88722080b2ad4a4abdd4e45aa8ad83db7cc4f6da89aea8adb08a74a77cb0477be572fcc7f080e93089d482e385a3e35e7b3eecf3e9
SSDEEP

6144:ULMNifdmM3E9YEWbB+WC/8QtjIzgQXuHaSSnoJ5v3yEg2WL:1YBYsB+WC/jjIzgmCaSSov3yEgtL

Score

10^/10

gozi 202211173 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

202211173

C2

https://giototad.xyz

https://mitotad.xyz

Attributes

host_keep_time
2
host_shift_time
5
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  fe6208e881638199f64a9ac23ba1616b0533f73c78d62b5034a835760d69c2b3
- Size
  
  740KB
- MD5
  
  ada0f09c987d70f4d50324ecd3bb474a
- SHA1
  
  1b171203ca7d76adbe64c1591e41b094b09f37d0
- SHA256
  
  fe6208e881638199f64a9ac23ba1616b0533f73c78d62b5034a835760d69c2b3
- SHA512
  
  752e26d2fe177d495b76fb7b5005a92d81823cf9a6e403f30e1022c83a138cafee9d096ed6291818ffa48e4495f4dfed1a6faa1eb7ff342e89a9797a1f1d37a6
- SSDEEP
  
  12288:Nssbb33f5SsXPIYdQI691o5+1q85b3JGkQWjd99yIPmK3S:Ns6dSGPdJ1u9g699yIPmK3S
Score

10^/10

gozi 202211173 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi202211173bankerldr4trojan

behavioral2

gozi202211173bankerldr4trojan