gozi | beb762d325c6c8ae3cb3876c6491913a51a2a79f336bf0509641e1ad9bddbaec | Triage

Sharing

General

Target

documents-998725151.zip
Size

411KB
Sample

230302-zdkmvsec5y
MD5

44b4b391d4fafd15bf4f384abec244fa
SHA1

9c55a13226a3b898a594138fd63aba358ea41732
SHA256

beb762d325c6c8ae3cb3876c6491913a51a2a79f336bf0509641e1ad9bddbaec
SHA512

cb5ce375f69baae1fb1fa86dfd62b827746734c9bf9f19343ca85b01c1a009e34abbfb1394058ebc7e34d6ba0f3d75e87329e6dcf0f853c33aab1e3787f5732a
SSDEEP

12288:C2zKUlggYedmoWXlXIEUYm0G7TniW+rv042uxdi:C0ggVm9BBUhriB8Q2

Score

10^/10

gozi 20000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

https://checklistg.google.com

http://185.189.151.250

https://edge14.microsoft.com

http://45.11.181.117

Attributes

base_path
/binaries/
build
250255
exe_type
loader
extension
.ato
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  documents7.exe
- Size
  
  456KB
- MD5
  
  a86a8857981e84a0920f7e6e793c7f33
- SHA1
  
  9e89b8e09bc7130ae9f14d07ac33c1c6079f7046
- SHA256
  
  a240d325f163f4dd9e3ea176d85a1f0864b31efe774402f3cd03c27ea15a4ae1
- SHA512
  
  256f77bfcfb3dfabb753d91f66936ad8b91760483286a2b0bbf8cb1daef7e67fc262063173af2db3d46114daaf46ee9d41ef2ec14d82fec1699255c100cb4536
- SSDEEP
  
  12288:H2FKUnggYedaoWBDXIEUYOgG7fnEW+rvAA2uxQR:H0ggVazrBU7vEBY4KR
Score

10^/10

gozi 20000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi20000bankerisfbtrojan

behavioral2

gozi20000bankerisfbtrojan