gozi | e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35 | Triage

Sharing

General

Target

Zeip.dll
Size

592KB
Sample

230123-1tw69shc6x
MD5

85fa54c2a97ad3a1f8bd64af62450511
SHA1

db92c0a81e8b27d222607e093ccc9d00485db119
SHA256

e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35
SHA512

6c6faba5f566e3c383d676c736319a7a70138070b0d9771727a1c7756718a4add05db8a7c3a5b038b9269a0ecb14434872516912faea8e2479729a192f9a4b4b
SSDEEP

12288:cysmuJC4fktsdyjJGL44Clz8JwsWydYo9NRl:cT7IoyjXTKdlnz

Score

10^/10

gozi 20005 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20005

C2

trackingg-protectioon.cdn4.mozilla.net

80.77.23.77

80.77.25.109

protectioon.cdn4.mozilla.net

170.130.165.182

80.77.25.114

Attributes

base_path
/fonts/
build
250250
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Zeip.dll
- Size
  
  592KB
- MD5
  
  85fa54c2a97ad3a1f8bd64af62450511
- SHA1
  
  db92c0a81e8b27d222607e093ccc9d00485db119
- SHA256
  
  e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35
- SHA512
  
  6c6faba5f566e3c383d676c736319a7a70138070b0d9771727a1c7756718a4add05db8a7c3a5b038b9269a0ecb14434872516912faea8e2479729a192f9a4b4b
- SSDEEP
  
  12288:cysmuJC4fktsdyjJGL44Clz8JwsWydYo9NRl:cT7IoyjXTKdlnz
Score

10^/10

gozi 20005 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi20005bankerisfbtrojan

behavioral2

gozi20005bankerisfbtrojan