gozi | d2b41392e12bfdf13e131ba3db02e5f21851a98df243403995b182ee15a1992c | Triage

Sharing

General

Target

test.xll
Size

1.4MB
Sample

230217-salx7afh89
MD5

04c9f5abf862f834e68abf9f88e64013
SHA1

b578bae2483d4a5e0ac83aa6fcafaa3ff415468b
SHA256

d2b41392e12bfdf13e131ba3db02e5f21851a98df243403995b182ee15a1992c
SHA512

b05529f262cad69cd8bcfcd793fa644d74bf7be23423180fa418ca11428918a264ed7e615d255086e69ada85efc3b2e41719d2ce09962356b9ad0737820e7f60
SSDEEP

12288:EfJ2dpC+/doJSnFlxGIDWv5EghEug86SbJqLb47v:aUCudoJsxGIDWv5N0OELb4

Score

10^/10

gozi 1000 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

C2

https://merrovalt.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  test.xll
- Size
  
  1.4MB
- MD5
  
  04c9f5abf862f834e68abf9f88e64013
- SHA1
  
  b578bae2483d4a5e0ac83aa6fcafaa3ff415468b
- SHA256
  
  d2b41392e12bfdf13e131ba3db02e5f21851a98df243403995b182ee15a1992c
- SHA512
  
  b05529f262cad69cd8bcfcd793fa644d74bf7be23423180fa418ca11428918a264ed7e615d255086e69ada85efc3b2e41719d2ce09962356b9ad0737820e7f60
- SSDEEP
  
  12288:EfJ2dpC+/doJSnFlxGIDWv5EghEug86SbJqLb47v:aUCudoJsxGIDWv5N0OELb4
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan