gozi | 0147d8553ae0995f17c846d7f0ec8199d0e415b4903a0bb46eaa59303a8689ea | Triage

Sharing

General

Target

Direzione.zip
Size

477B
Sample

230302-m3erpace97
MD5

e046f3ed3175bda1eaff6fe2e1971f75
SHA1

2b4bb353947f633a424bdfb138f06c13b3b91b2f
SHA256

0147d8553ae0995f17c846d7f0ec8199d0e415b4903a0bb46eaa59303a8689ea
SHA512

37e21a553f60e0951303d4eca9b3f433bbf57799897f1e606229e19bee3f813f9b61390921dffbc0ce08b2d6f77952d89eaf7b398d1ccf4964cc805cecf0a22f

Score

10^/10

gozi 7709 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

7709

C2

checklist.skype.com

62.173.141.252

31.41.44.33

109.248.11.112

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  Direzione/Direzione.url
- Size
  
  192B
- MD5
  
  c4e1d74f7d802c5e4c0112043d44d2d4
- SHA1
  
  9cbbae1f7a0eefdff4cd2a7a16f843dc6c935817
- SHA256
  
  0d5bb18b348a991d69f25eafa6d70069e03f355475a7a443035b9f8a5e4add06
- SHA512
  
  531d6de406ee75950be0e5e2d29bfbf1a81dce8c769d84f61931c3fc2fb1ae81fb9bd26439bda58773ca250e86973c4de16f74e9198f399b2b54b1f51c556967
Score

10^/10

gozi 7709 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi7709bankerisfbtrojan