gozi | f168d4dbcc2a3e70e6c75a70404a62173e46b24f18ccfdb8593f68e9ecaebf08 | Triage

Sharing

General

Target

Documenti.zip
Size

474B
Sample

230307-n14hpshg85
MD5

f1a6cd0e789711d616a3eaf0da992098
SHA1

7b97c473409cefa0fc5ef9dbb3de61401aec2127
SHA256

f168d4dbcc2a3e70e6c75a70404a62173e46b24f18ccfdb8593f68e9ecaebf08
SHA512

19559f6d0e2bd371183443fe5354887f34185394d931a5927562133c772e07cd6b9ba7a2d75625f445f5b90cb9ee457356e4df73ae2294fd9420977bd68b9a74

Score

10^/10

gozi 7710 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

7710

C2

checklist.skype.com

62.173.140.103

31.41.44.63

46.8.19.239

185.77.96.40

46.8.19.116

31.41.44.48

62.173.139.11

62.173.138.251

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  Documenti/Documenti.url
- Size
  
  188B
- MD5
  
  6bbce3224d51716918724a26773d1568
- SHA1
  
  bef9631a0f449cd82532cde7e482f2a68f1f74d5
- SHA256
  
  340a759b1c1cdc22f6fac84044d072475e1630fbb7f47d96c4e18413de34d570
- SHA512
  
  ba44815ad7bdb2d801d7adbc22104fa5e18d84bde924e96e57a60c3d112fd95b18ae11cdecb5429e2e501792474403b72396dff02a941b9667b6f5b8295fdbbf
Score

10^/10

gozi 7710 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi7710bankerisfbtrojan