gozi | 29547f7ced48000841e1ee6e5da03bcfb21722d9e60687356ab2d1e000733f21 | Triage

Sharing

General

Target

Direzione.zip
Size

477B
Sample

230308-mjq1lsfa5x
MD5

2f691532aca6d401f39f7d23be9c560f
SHA1

b76ebef436b0e9cc0e96a35d155f685231973817
SHA256

29547f7ced48000841e1ee6e5da03bcfb21722d9e60687356ab2d1e000733f21
SHA512

7adb899b640d661a0c56358a7267d54766e9c57296e6137b15d109aa9df3beff377492e64af8bf305044a87b2f1a039fec84b0998d8ee8143f3b2105deb82adc

Score

10^/10

gozi 7711 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  Direzione/Direzione.url
- Size
  
  191B
- MD5
  
  361301f6ad56d5f44ed70afcbf223df0
- SHA1
  
  1195b135d96ee1214531ba0c6146318f2524bea8
- SHA256
  
  2362e52e347d77a6b101b80057d9770e44a44599889385a83822625901631583
- SHA512
  
  394a2f7d97b7bd70e5827f0294deaee00a710fe931fad8a964ca6f694997de61a3dbd3f63e57a2f119733ea2150c5b1379a4f92b0d871f9714317cc67d9c8284
Score

10^/10

gozi 7711 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi7711bankerisfbtrojan