gozi | e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f | Triage

Sharing

General

Target

e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f
Size

186KB
Sample

230129-xnrstabe9z
MD5

48e2591c09f94b3f422e46875d62bef3
SHA1

111082fb2708aa281b1cda9a4c4fece714089216
SHA256

e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f
SHA512

854d0e111e72e49620a389ae3ed4cbf903bea38bdd225b14208b02149a3197a20dc12d398a2ebbce67f47e6b021a6fc547db642b515598597810340277563eba
SSDEEP

3072:INAOhmfyCWmdsiYPk4ijZlgQcA9Xo4/0GyWRgEqUnLxqF9mEGp:TWZxk4mZlvcA91LySgE3nYZe

Score

10^/10

gozi 6565 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

6565

C2

updates.microsoft.com

klounisoronws.xyz

darwikalldkkalsld.xyz

Attributes

base_path
/fallback/
build
250177
dga_season
10
exe_type
loader
extension
.wet
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f
- Size
  
  186KB
- MD5
  
  48e2591c09f94b3f422e46875d62bef3
- SHA1
  
  111082fb2708aa281b1cda9a4c4fece714089216
- SHA256
  
  e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f
- SHA512
  
  854d0e111e72e49620a389ae3ed4cbf903bea38bdd225b14208b02149a3197a20dc12d398a2ebbce67f47e6b021a6fc547db642b515598597810340277563eba
- SSDEEP
  
  3072:INAOhmfyCWmdsiYPk4ijZlgQcA9Xo4/0GyWRgEqUnLxqF9mEGp:TWZxk4mZlvcA91LySgE3nYZe
Score

10^/10

gozi 6565 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi6565bankerisfbtrojan

behavioral2

gozi6565bankerisfbtrojan