gozi | 98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028 | Triage

Analysis

max time kernel
30s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 18:14

Sharing

Report Analysis Logs

General

Target

98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe
Size

277KB
MD5

7c3f801620ea1cebd29889400ec9af67
SHA1

b0d226574d6d7fb4ec46fcf0afea08d6e8f91674
SHA256

98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028
SHA512

b81e6dd0bf79ef853b2cbe09dddea946f87f901fbe3e66cad838684cdd4104bb454483fdfaf115a5c9203e7cd512547ec53a3c99fa2eb109c05403637352a6b6
SSDEEP

6144:5sOKPyyl3yr4yJ0hlNM0NZfxZRggbgH5o:5NvmfyJuM4Zpc5o

Score

10^/10

gozi 6000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

6000

C2

http://velooiisd.club

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe
"C:\Users\Admin\AppData\Local\Temp\98ec340830dcbc3535c88612fa0c40caa7a4c0ad656bf8aa232b3b35d4a7a028.exe"
1⤵
PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4496-132-0x000000000558B000-0x0000000005598000-memory.dmp

Filesize
52KB

Download
memory/4496-133-0x000000000558B000-0x0000000005598000-memory.dmp

Filesize
52KB

Download
memory/4496-134-0x0000000005440000-0x000000000544F000-memory.dmp

Filesize
60KB

Download
memory/4496-140-0x0000000000400000-0x00000000052A5000-memory.dmp

Filesize
78.6MB

Download
memory/4496-141-0x000000000558B000-0x0000000005598000-memory.dmp

Filesize
52KB

Download