gozi | c012156914003f60744671be38a8758aadc9aa3431d60ad8a1a05577c76ced1e | Triage

Sharing

General

Target

azienda.zip
Size

467B
Sample

230302-m3erpace95
MD5

ce158f81a7c100c9d29fd8ddf40e074d
SHA1

ff6fc8a0a18d80e26cab73802dc8aa4d3b287324
SHA256

c012156914003f60744671be38a8758aadc9aa3431d60ad8a1a05577c76ced1e
SHA512

42dd7d20fb50a608bda80cb99c82ad6e11fc8426972535392e4198e13dfe1384e80572c9ae2236b4cfd02b8f71b532b2d7bf9dfa0fd8217491ac40cf91ca1b54

Score

10^/10

gozi 7709 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

7709

C2

checklist.skype.com

62.173.141.252

31.41.44.33

109.248.11.112

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  azienda/azienda.url
- Size
  
  192B
- MD5
  
  7c979eb1d63d67578329c6c9265046ef
- SHA1
  
  da995fa37d041a53c5f510370c314737ad1c23cc
- SHA256
  
  6537bdbd6b350022b95421209e5eb8cfd851a556904dd5b7b8a9189b21d40efb
- SHA512
  
  617b46a391ac42a93f68e4b4739a0ff9516d73e9761e6a4bc8194b6bb3d633350dcadc29d89bab179953c0908e526ea2a409fc6425c30fdd893a9b1d40c855a3
Score

10^/10

gozi 7709 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi7709bankerisfbtrojan