gozi | 594c5be5ad8bfe2471448c4fe87f934c7297a725c5e0469f381118f470d5ddd7 | Triage

Sharing

General

Target

ZipCosdaz1.zip
Size

201KB
Sample

230102-mhma2adh66
MD5

8a63a7e1b400fd665d367876f9616e8e
SHA1

f48223b22680ae9610bbcb2254b8228c93a8c9c9
SHA256

594c5be5ad8bfe2471448c4fe87f934c7297a725c5e0469f381118f470d5ddd7
SHA512

b61eed270749a79bd709f9c8c95250b2b37d4c7311b582fdebf379dd749bfccb8bae592eb191dbd0ce5b2c14860247fe1f74501922b35913d426bf6cc1e4f43a
SSDEEP

6144:XWM0eeQ7ksGBfjDuR/ryki/HWaNvYVUsF8eAX:F0/QYXf/U/2lHWIQl8RX

Score

10^/10

gozi 20000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

trackingg-protectioon.cdn4.mozilla.net

79.132.130.171

45.11.182.30

protectioon.cdn4.mozilla.net

79.132.128.228

185.189.151.61

Attributes

base_path
/fonts/
build
250249
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Botnet

20000

C2

trackingg-protectioon.cdn4.mozilla.net

79.132.130.171

45.11.182.30

protectioon.cdn4.mozilla.net

79.132.128.228

185.189.151.61

Attributes

base_path
/fonts/
build
250249
exe_type
worker
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  ZipCosdaz1.exe
- Size
  
  308KB
- MD5
  
  d6f6ecbf69cc2680e9c3b41a0015680f
- SHA1
  
  308a0ed536602be01b34f7eb52269da7c72f02b5
- SHA256
  
  f21b2f9795d007b5452b590db584b550c68f48859f596c00c4f4b77a8189d610
- SHA512
  
  d1951f0c39469dfa10a3e94295412b00b04827a362aae09a04b6ff9cf9a28b28fcd8680cdc999533c3bee579d3a0582cca7381ea038361679825957a0067b280
- SSDEEP
  
  6144:2L/l/81gqG9fjDuRp4ivyIxZ1WqqdSv9x:2zl/ycf/UpHdYU
Score

10^/10

gozi 20000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi20000bankerisfbtrojan

behavioral2

gozi20000bankerisfbtrojan