gozi

General

Target

Normativa37.zip
Size

491B
Sample

230322-h7s3nafd88
MD5

de4ca12df2e6fddf8e937a160f401e30
SHA1

21b22b7acd90e54ccc9c706ef9f1ef0ea0d774dd
SHA256

c0b94c66db218563d8c9ef86ea86d49d86a364d02f5912c3cfc48adad91993f9
SHA512

67fe5910512a17ed9d77e0f7f337f00127709e4ded11d610691902a52cac8afcfbea0fa17dfe19ba5f1fe5f9f2f9112f63aef9ded27036c2bb7a74185b4a8adb

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Targets

- Target
  
  Normativa/Normativa.url
- Size
  
  194B
- MD5
  
  7223cc1975393443d4d161492d0f932e
- SHA1
  
  2fc8c648559e862b3191088450781b5d33debd5f
- SHA256
  
  ec178c6a29aa42213ac7287e45d8378632e145ef650dd5734f247129bd364dbb
- SHA512
  
  5c5eec290b156c760c44dd9b7162a5cf9e3f2f4e1f9ef494dcbf5ef2f12fd51801b1170b36f39ab2342467f7701bfe4bd292b7cd5418c4b87717e7abfc31ef5a
Score

10^/10

gozi 7715 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2