gozi | 0ab7b970fa1728713371d1f9186c1910a490964c8c4afb54ebe158ba6fe8030b | Triage

Sharing

General

Target

ZipCosdaz1_detrunked.exe
Size

238KB
Sample

221214-zjjmrabb39
MD5

630bbad3b703e4726558584b4eb0d6a5
SHA1

d88ca9a9bfdcce2b453d56b09ae134b0d861f27c
SHA256

0ab7b970fa1728713371d1f9186c1910a490964c8c4afb54ebe158ba6fe8030b
SHA512

5df5acd85194b6a346955cf3f32111e12825f08bfca69fe13e6eaeed904d7a4158a744242d8db8bec621c9b823ccfefefdb602531d51b605bea823e9217410b0
SSDEEP

6144:v5RXU9L/3zwa5YRIWTNPU9dV7n/7CWKADsd:hRXSD3UuYK2PUHVz/eiDsd

Score

10^/10

gozi 2002 banker isfb persistence trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2002

C2

trackingg-protectioon.cdn4.mozilla.net

45.11.182.97

79.132.128.108

protectioon.cdn4.mozilla.net

91.241.93.98

79.132.128.109

91.242.217.28

91.241.93.111

Attributes

base_path
/fonts/
build
250249
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Botnet

2002

C2

trackingg-protectioon.cdn4.mozilla.net

45.11.182.97

79.132.128.108

protectioon.cdn4.mozilla.net

91.241.93.98

79.132.128.109

91.242.217.28

91.241.93.111

Attributes

base_path
/fonts/
exe_type
worker
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  ZipCosdaz1_detrunked.exe
- Size
  
  238KB
- MD5
  
  630bbad3b703e4726558584b4eb0d6a5
- SHA1
  
  d88ca9a9bfdcce2b453d56b09ae134b0d861f27c
- SHA256
  
  0ab7b970fa1728713371d1f9186c1910a490964c8c4afb54ebe158ba6fe8030b
- SHA512
  
  5df5acd85194b6a346955cf3f32111e12825f08bfca69fe13e6eaeed904d7a4158a744242d8db8bec621c9b823ccfefefdb602531d51b605bea823e9217410b0
- SSDEEP
  
  6144:v5RXU9L/3zwa5YRIWTNPU9dV7n/7CWKADsd:hRXSD3UuYK2PUHVz/eiDsd
Score

10^/10

gozi 2002 banker isfb persistence trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi2002bankerisfbpersistencetrojan