gozi | d3330f975232e5c1732cd1cfd2b64b631b16ae6cfd5ad3357e683989af54bbd2 | Triage

Sharing

General

Target

C566B292EB539CF6D1F1D867D4F4972F9D2BC887DF68BAA25A36B5073AE470AD.zip
Size

697KB
Sample

230217-a5rg2sch83
MD5

dc9959308ea74babda358de6875ebd2e
SHA1

d88f8a624b4f7fe58c1e11dc01adb1528a3878d1
SHA256

d3330f975232e5c1732cd1cfd2b64b631b16ae6cfd5ad3357e683989af54bbd2
SHA512

3bf1c581291233ca0b13b1285873620d7f3ad3dbbbb44804fe36f4bbbb2934d40bd6e01ec0d02057731d920991b16cb8234cb62212c78e694162f4f0fe00a72d
SSDEEP

12288:SBoY7FqY3U87/I/vLAMFUnT3LbPZwBgzWQpIC98soIBM:SBh7F93U87wHLwbmc8sVM

Score

10^/10

gozi 1000 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

C2

https://merrovalt.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  C566B292EB539CF6D1F1D867D4F4972F9D2BC887DF68BAA25A36B5073AE470AD.dll
- Size
  
  335.1MB
- MD5
  
  9a5c17e5ffd7716dbe9425513f24f9f3
- SHA1
  
  4f96536ff5c9904593fd59df06452bc3b85ff8bd
- SHA256
  
  c566b292eb539cf6d1f1d867d4f4972f9d2bc887df68baa25a36b5073ae470ad
- SHA512
  
  4e79c9135714a19fc34ba696c7401eecb4505d2b709176a94562d1a36b2da3b18f9048658d9ae4d013292528493b370caa43dd215058cd96fd520b54e7b08b4f
- SSDEEP
  
  12288:EfJ2dpC+/doJSnFlxGIDWv5EghEug86SbJqLb47v0:aUCudoJsxGIDWv5N0OELb4I
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan