gozi | e9ad000733e086eb767ebad12ccb429404cc2552c79eced7d6e7fb7667ec0b5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f055e79a2e55454c54e58de0219dd8c.bin
Size

130KB
Sample

230211-bxjb5sab4w
MD5

3814040581b1c3e4a87a94f89fa3d013
SHA1

11433438b77e81d8311e35888317468736c4f4a2
SHA256

e9ad000733e086eb767ebad12ccb429404cc2552c79eced7d6e7fb7667ec0b5d
SHA512

223597ebdc4aea9944da62687fefa216bc86f5c7184f0fe8f24a3b01beed2077f021a825ced96edef36997700d5bd754adf0bd88615558608e106cdfd3344847
SSDEEP

3072:wNppqfMxGfqvJWlQjo7/v77ur0k7MZcADLE3Qc9A6OnUCB:wNpYMZJWB7/vvur0k7NAkHA6wB

Score

10^/10

gozi 7708 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7708

C2

checklist.skype.com

62.173.147.156

31.41.44.3

46.8.19.140

45.151.232.3

62.173.139.21

185.142.99.47

31.41.44.121

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  84908c9c014c59a36369a618dfc51316646d1dbc3314da3c66100b0706567d22.exe
- Size
  
  186KB
- MD5
  
  8f055e79a2e55454c54e58de0219dd8c
- SHA1
  
  f2d95f53d10e0f1a76aa5b3f82eaa8975710d9f5
- SHA256
  
  84908c9c014c59a36369a618dfc51316646d1dbc3314da3c66100b0706567d22
- SHA512
  
  9353a7783cf2595358f210731e67f83b6de39e6e09931ffdb84f7eced19eadede98f909257918ca7ec9dd37cf67009484979f54271841c4ed1e9ec97f5334e52
- SSDEEP
  
  3072:3FgViTHQYI2m/IWZloyMX1GLvtoXUoDq51VGJ/Vw6jkORAK:3Fd7dmpZl4gTtokoDq51VG5GPORd
Score

10^/10

gozi 7708 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi7708bankerisfbtrojan

behavioral2

gozi7708bankerisfbtrojan