gozi | 3a5a6e8d7db817361b7126dd2f3ba2b0db254bfaf9ba12048a58b3f914737ac5 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-02-2023 08:05

Sharing

Report Analysis Logs

General

Target

control.exe
Size

37KB
MD5

fab96414cc834214965bfc06a1f152b0
SHA1

1734b62ddb614cde6f6191799e8c4494593b533c
SHA256

c0be2d843a58e5c8efbdeee3d287fa6432e0bf401fd7c38870b8153301a24b69
SHA512

959f5dcfccd8d934d5b09e92ee84e54a1fefb04c6bfa59ce60988779061d3fbf72752db9b5118f19ca334fc48b0fad0f2e0418c2dc278cbb4879b15c57eb7fb8
SSDEEP

768:TKbMPv5JLJyeyV34OB9bl5n+iRjn9P1avZa9Bmr1h097mI569:T4MHLLJJyt5+0zavZangX097m5

Score

10^/10

gozi 994411 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

994411

C2

renewbleenergey.ru

iujdhsndjfks.ru

94.198.54.97

gameindikdowd.ru

jhgfdlkjhaoiu.su

reggy506.ru

reggy914.ru

Attributes

base_path
/uploaded/
build
250249
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\control.exe
"C:\Users\Admin\AppData\Local\Temp\control.exe"
1⤵
PID:752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-54-0x0000000000030000-0x000000000003D000-memory.dmp

Filesize
52KB

Download