General

  • Target: required_documents-85515212.zip
  • Size: 2.9MB
  • Sample: 230307-1s6pbabg21
  • MD5: d402be607693d7d4e954f43b048b3386
  • SHA1: 68d01ad6e5091106babc495ce1e1bc4a22a3bf98
  • SHA256: 5e9ce91eea4b67d7c7d4326c7a5784191c7bfdfc29d434236515d6b9c684e8bb
  • SHA512: 06648ac2664d2f50eab6fb65e96acbb34a4fdd54242f3dadd1f0ec58382cb742dd2b19a3a31c729773fd19f3043b37e8354e09e2f0f9ad339278d63b088e5c7b
  • SSDEEP: 49152:r3VtWohOC9Y4kPqmtY9IwrXRXyIqX0pvXUaeiSTaGwY2vsvi:5tWhkY4SQIohMkvEpCY2vsvi

Malware Config

Extracted

  • Family: gozi
  • Botnet: 20000
  • C2:
      https://checklistg.google.com
      http://185.189.151.250
      https://edge14.microsoft.com
      http://45.11.181.117
  • Attributes:
      base_path: /binaries/
      build: 250255
      exe_type: loader
      extension: .ato
      server_id: 50

rsa_pubkey.plain
aes.plain

Targets

  • Target: required documents-85515212/documents3.exe
  • Size: 674.4MB
  • MD5: e99b40631894b96eecebc1a476550691
  • SHA1: f0e6f67e727da0b8b83e8240f62b530e72222cc3
  • SHA256: 1c55958b80f2064080a93d114397ce0e88b94cbcf0ed15fb98bccdc070046a54
  • SHA512: a7c4714cbf37f4a0ba8120ceacd576fac5e9bfed5d25f7eca65e27518d680f60b3eefd7b426a3a391640e64effcaff77e3cf4a3fe9c67425a3ba6ab1f7fb6427
  • SSDEEP: 12288:O2FKUnggYedaoWBDXIEUYOgG7fnEW+rvAA2uxQFHAxW:O0ggVazrBU7vEBY4KFHL
  • Gozi: Gozi is a well-known and widely distributed banking trojan.

  • Target: required documents-85515212/vk_swiftshader.dll
  • Size: 4.8MB
  • MD5: 80cab86c2f4419b674012c3756d088c2
  • SHA1: 89a3a42aba421cb5f924c89a89734f952153bd7d
  • SHA256: 479f3a6dd641d18652b30f7e6971eadcd580b1428b9ce9a1878d5e6b057c3a98
  • SHA512: 1d0cca96db6e691f617b456754c02eda64a35eed2aa8566444c116969cdda16ecc84606b2d97210c964e198c62955a5f999fcc612eb282d131cf5c1bf1fa0e24
  • SSDEEP: 49152:Af94LbaELx0yxWN1E1jAIHmNSfma2jX+fFMyngJH4vbU5Hyt4EJOhmCIWyruHYD0:i4LKhQabHUJ8mdW45AUqXcAUwBb
  • Score: 3/10
