General

  • Target

    Agenzia.zip

  • Size

    475B

  • Sample

    230314-j5mnjagd4v

  • MD5

    a6dd4b0b675c913bdb6626ace07b7d6a

  • SHA1

    892b2de82045ccda288210d8158391b947fbf0bb

  • SHA256

    1fede186e9d9666ce4eff1882ce3bdca66c9a121ea9773d8e57747912e8ad57e

  • SHA512

    6bd32596bbbb299f3a1d51d26b3541b6b276267cefe89bdef2ec91b09482c98de6e38840684b48d8728e2400899bb6ca36f2b043ecd1ebd05454e5d8ff26b752

Malware Config

Extracted

Family

gozi

Botnet

7713

C2

checklist.skype.com

62.173.142.51

94.103.183.153

193.233.175.111

109.248.11.145

31.41.44.106

191.96.251.201

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Extracted

Family

gozi

Targets

    • Target

      Agenzia/Agenzia.txt.url

    • Size

      195B

    • MD5

      cc689d7d4fa6905ebc5958630848fa00

    • SHA1

      3d0ca3eeb7a45d2367b0693188ba99cf68f6a520

    • SHA256

      67f14cb9d372a7a295a96a82f2eab679b7373f3613df6b8dcf9434482047caa1

    • SHA512

      974c9c969029636eb6db168cc65ddaed096b2695815107f8f0c14da0ab419c7ac25c76a8f16eeaad03102efcd918991f11e7a9685a1fb94a851280349862efdd

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks