gozi | d37a1ad57c494e0a18f57ec18615582c270e8c74fdf5c01005e1cb42fcdb3aa7 | Triage

Submit
Reports

Overview

overview

Static

static

1

metaplatfo...f..lnk

windows7-x64

metaplatfo...f..lnk

windows10-2004-x64

Sharing

General

Target

d37a1ad57c494e0a18f57ec18615582c270e8c74fdf5c01005e1cb42fcdb3aa7
Size

1.3MB
Sample

230223-lek35ahc3w
MD5

db2e14a99c955600e370f99b76d48824
SHA1

691512783ca7aff47fa187432e9c85af0dc64c75
SHA256

d37a1ad57c494e0a18f57ec18615582c270e8c74fdf5c01005e1cb42fcdb3aa7
SHA512

59c15e566700b46a5a26f430b93ffae169b78d27402676aca1cc8d486aef7f604956aaa8e96439fb56cca3c53d731fe3100be35ebaf446e8efe2acc4d7403cef
SSDEEP

12288:GGj8TrMdc++NjgmikirbgjE35JPuoqLr6yKDWN2Q7CJKMUwnFP66Lhck02NZG4L7:1o3MdcHUfLJptqPa6NVMNR66dcM5RR

Score

10^/10

gozi 1000 banker ldr4 trojan

Static task

static1

Behavioral task

behavioral1

Sample

metaplatform02.pdf..lnk

Resource

win7-20230220-en

gozi 1000 banker ldr4 trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

metaplatform02.pdf..lnk

Resource

win10v2004-20230221-en

gozi 1000 banker ldr4 trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

C2

https://colodart.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  metaplatform02.pdf..lnk
- Size
  
  293.6MB
- MD5
  
  d8564cb88267993101b3f0f54048c6a4
- SHA1
  
  75dad371e05629179c7e30bd24a068553336aefd
- SHA256
  
  e80e664931e44044b7d162100524858755203db39402ddc8f816a508404ea3c5
- SHA512
  
  a41b87daa0aea3057a4e1cdd29a7aa81e488880e714139529c75bc714ac803dd43e6a0acac143d2c3edbfac4582205c66e822c4561e817a4337fcb910abb0d57
- SSDEEP
  
  24576:87MkCMWioaEMPQjw1coi5qsSrKz6Fwoh73sVDGSQ7wqfU:0hQRoAz6quxhC
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan

© 2018-2024

Terms | Privacy