gozi | ca81e59ee05627070f6a262bde7a2e7cdf49b015a8e0e36a68601edfce40c42a | Triage

Sharing

General

Target

entrat (2).exe
Size

227KB
Sample

221221-kyngxsfa7x
MD5

bba73880ba1909ac9287d21891308dc2
SHA1

141070af9cc62be8b97abeb57bd40bd01e3eee78
SHA256

ca81e59ee05627070f6a262bde7a2e7cdf49b015a8e0e36a68601edfce40c42a
SHA512

d0dec7f477849d2d3c456fc8794e0496d8c0b455cb0663b2073377ea2313898c184c4d459e67039c585fc0c66b716cb43e70afef43f82b110700f5e8881fd219
SSDEEP

3072:i1jZTLdE15olca9PobsTONaz1igalL1TE1l2aWzgKr/so:ktLd/lzKY1OBTElWzz/

Score

10^/10

gozi 7639 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7639

C2

31.41.44.43

62.173.147.143

31.41.44.63

62.173.147.113

Attributes

base_path
/drew/
build
250249
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Botnet

7639

C2

185.31.162.9

31.41.46.120

31.41.44.71

62.173.147.138

31.41.44.79

62.173.147.142

62.173.147.64

Attributes

base_path
/drew/
build
250249
exe_type
worker
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  entrat (2).exe
- Size
  
  227KB
- MD5
  
  bba73880ba1909ac9287d21891308dc2
- SHA1
  
  141070af9cc62be8b97abeb57bd40bd01e3eee78
- SHA256
  
  ca81e59ee05627070f6a262bde7a2e7cdf49b015a8e0e36a68601edfce40c42a
- SHA512
  
  d0dec7f477849d2d3c456fc8794e0496d8c0b455cb0663b2073377ea2313898c184c4d459e67039c585fc0c66b716cb43e70afef43f82b110700f5e8881fd219
- SSDEEP
  
  3072:i1jZTLdE15olca9PobsTONaz1igalL1TE1l2aWzgKr/so:ktLd/lzKY1OBTElWzz/
Score

10^/10

gozi 7639 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi7639bankerisfbtrojan

behavioral2

gozi7639bankerisfbtrojan