gozi | 3aa75da2773573786f07530f5a09b8e0aacd0402fd11e14d8067b5f4607bbd6a

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/03/2023, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Server.exe
Size

178KB
MD5

9565b4a15a8593ea3ec1f3c9d0a2e11a
SHA1

0954c5387395f0552fa56f5b06b3bb159f0d430b
SHA256

3aa75da2773573786f07530f5a09b8e0aacd0402fd11e14d8067b5f4607bbd6a
SHA512

38c39811e09b664c70da24370fdc2cb555d698a1db868ed236d86c767cf5fb8751e8f5f1db667a4d807f6db39f8511b4753cfc59d9c85d0daa60ebef81a6adb8
SSDEEP

3072:iu7sH/YqGkGehHskiO+hMIPZSyqGr7tA0jtejRXwtig0:psfYq/72jhMIhSyzrh7jte9Oig

Score

10^/10

gozi 7715 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\Server.exe
"C:\Users\Admin\AppData\Local\Temp\Server.exe"
1⤵
PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-55-0x0000000000220000-0x000000000022B000-memory.dmp

Filesize
44KB

Download
memory/1204-56-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/1204-57-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/1204-58-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/1204-59-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads