gozi | 96691a5722177bd3b92d898458b51bf624a6fd3c83ba03f6c1a9c2088171931e | Triage

Sharing

General

Target

96691a5722177bd3b92d898458b51bf624a6fd3c83ba03f6c1a9c2088171931e
Size

398KB
Sample

230129-xxgn7sae29
MD5

a2f914433461b45fc5505e9f89683625
SHA1

a004c119c923990c3cc93c4eff5dcf4a7cf45bf6
SHA256

96691a5722177bd3b92d898458b51bf624a6fd3c83ba03f6c1a9c2088171931e
SHA512

e0bed07bb6f97c0e685ece31654c2bb147d78a11530740451376b267738e6af430f13c5e5b50d96ec4ba81d2a9c770a2f085c3b5ba38ec6078eb4a0b2e196ba8
SSDEEP

12288:skELFg2bL3yXTmLwkHIvJuXK1+OB0wmylK+IUGJH+O:sxy2wm9R+O

Score

10^/10

gozi 5500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

base_path
/manifest/
build
250177
dga_season
10
exe_type
loader
extension
.cnx
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  96691a5722177bd3b92d898458b51bf624a6fd3c83ba03f6c1a9c2088171931e
- Size
  
  398KB
- MD5
  
  a2f914433461b45fc5505e9f89683625
- SHA1
  
  a004c119c923990c3cc93c4eff5dcf4a7cf45bf6
- SHA256
  
  96691a5722177bd3b92d898458b51bf624a6fd3c83ba03f6c1a9c2088171931e
- SHA512
  
  e0bed07bb6f97c0e685ece31654c2bb147d78a11530740451376b267738e6af430f13c5e5b50d96ec4ba81d2a9c770a2f085c3b5ba38ec6078eb4a0b2e196ba8
- SSDEEP
  
  12288:skELFg2bL3yXTmLwkHIvJuXK1+OB0wmylK+IUGJH+O:sxy2wm9R+O
Score

10^/10

gozi 5500 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi5500bankerisfbtrojan

behavioral2

gozi5500bankerisfbtrojan