gozi | 6e9f4d4c879eb99c4cd06121a3852ed5b2d1ee98a09095e0544a74c2b906c8be | Triage

Sharing

General

Target

Agenzia_Entrate.zip
Size

515B
Sample

230123-kw6wgsec31
MD5

d9cc6cd5c7e6b8e06451c5334e3ff3fa
SHA1

6a7712d2501f2b627655523fdb3a3a4ee99d3145
SHA256

6e9f4d4c879eb99c4cd06121a3852ed5b2d1ee98a09095e0544a74c2b906c8be
SHA512

b242456a2bd5db9c604a01b35baba08df8a34645b7fa6847f2ccb74feebad517138805e81700ed04e705cd85dae4da8b1081aeb307c3d422796e834f109bdcde

Score

10^/10

gozi 7707 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7707

C2

checklist.skype.com

62.173.149.10

31.41.44.27

193.0.178.235

Attributes

base_path
/drew/
build
250250
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Agenzia_Entrate/Agenzia_Entrate.url
- Size
  
  193B
- MD5
  
  2f51b9260df01427360ae67ed36605c8
- SHA1
  
  c6bc3f35cab979a419bb018bedf8cdda33293e11
- SHA256
  
  1733a69420c4f4c83afee2e9a4b09094e2358c33696c24cf30468991cb6da875
- SHA512
  
  d9619d3a9a07e25b57e374adf896a7b201bf2c8002a871438b6822c58545331179130b9709e6dedc8ce6ce188358906a9e5ffbfeee53f46dcc41f5b7d42a302e
Score

10^/10

gozi 7707 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi7707bankerisfbtrojan