gozi | ca81e59ee05627070f6a262bde7a2e7cdf49b015a8e0e36a68601edfce40c42a | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/12/2022, 09:00

Sharing

Report Analysis Logs

General

Target

entrat (2).exe
Size

227KB
MD5

bba73880ba1909ac9287d21891308dc2
SHA1

141070af9cc62be8b97abeb57bd40bd01e3eee78
SHA256

ca81e59ee05627070f6a262bde7a2e7cdf49b015a8e0e36a68601edfce40c42a
SHA512

d0dec7f477849d2d3c456fc8794e0496d8c0b455cb0663b2073377ea2313898c184c4d459e67039c585fc0c66b716cb43e70afef43f82b110700f5e8881fd219
SSDEEP

3072:i1jZTLdE15olca9PobsTONaz1igalL1TE1l2aWzgKr/so:ktLd/lzKY1OBTElWzz/

Score

10^/10

gozi 7639 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7639

C2

31.41.44.43

62.173.147.143

31.41.44.63

62.173.147.113

Attributes

base_path
/drew/
build
250249
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\entrat (2).exe
"C:\Users\Admin\AppData\Local\Temp\entrat (2).exe"
1⤵
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x0000000000508000-0x0000000000519000-memory.dmp

Filesize
68KB

Download
memory/1212-55-0x0000000000508000-0x0000000000519000-memory.dmp

Filesize
68KB

Download
memory/1212-56-0x0000000000220000-0x000000000022B000-memory.dmp

Filesize
44KB

Download
memory/1212-57-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download