gozi | 0fa7c98d793b8c71d6ba29bde4fd449e497b246f92ab30403330fae3d8cb6ffd | Triage

Sharing

General

Target

server.exe
Size

177KB
Sample

230320-nwn78afc9w
MD5

7e7372ed34c76cbeca4461bd6dbbfe62
SHA1

5825f7a6272108b061a557171da9b8ef6b780028
SHA256

0fa7c98d793b8c71d6ba29bde4fd449e497b246f92ab30403330fae3d8cb6ffd
SHA512

2548449b2e5e623600ab080a8213df3164bee0fa9e4690a31c8aac45f856fb7a786dbfc5150202757fe3512ad0d25afc8f635ba67ab08f778c51a9ebb461e284
SSDEEP

3072:iN5tPqqyTcVsXaHJNM1NjtJMD1U85En8d/LZM:MlqJPaHihCm85En81Z

Score

10^/10

gozi 7715 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  server.exe
- Size
  
  177KB
- MD5
  
  7e7372ed34c76cbeca4461bd6dbbfe62
- SHA1
  
  5825f7a6272108b061a557171da9b8ef6b780028
- SHA256
  
  0fa7c98d793b8c71d6ba29bde4fd449e497b246f92ab30403330fae3d8cb6ffd
- SHA512
  
  2548449b2e5e623600ab080a8213df3164bee0fa9e4690a31c8aac45f856fb7a786dbfc5150202757fe3512ad0d25afc8f635ba67ab08f778c51a9ebb461e284
- SSDEEP
  
  3072:iN5tPqqyTcVsXaHJNM1NjtJMD1U85En8d/LZM:MlqJPaHihCm85En81Z
Score

10^/10

gozi 7715 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi7715bankerisfbtrojan

behavioral2

gozi7715bankerisfbtrojan