gozi | db6b418471d5ae8b92df0d0ca50fe0f2a4b4e7e8b57700c28309bbbe1826aadb | Triage

Sharing

General

Target

597.exe
Size

168KB
Sample

230322-j8cbzaff93
MD5

333307be6be7318cb48745cc820d3896
SHA1

29d8cb35e45f5abebf3efc4b9ac40bf6fa3149ff
SHA256

db6b418471d5ae8b92df0d0ca50fe0f2a4b4e7e8b57700c28309bbbe1826aadb
SHA512

c23261cae613816327d2eba77be015847314407685ed8237b185b98ec4f3b8c3c08175f5d7b3d742882a8a8dd2b3073600b57417657c6025020cabb04d75bfaf
SSDEEP

3072:+kiRly3qgNnroGXfEMAJ8nu3Jm3Xdi8fmhm61tap3i1o2s:Gl5gtfE1JrU3XkW4mJi1xs

Score

10^/10

gozi 3316 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
217173

Extracted

Family

gozi

Botnet

3316

C2

hbritneyyi.com

c55wccayla.info

vdorrisacleo.xyz

Attributes

build
217173
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  Device/HarddiskVolume4/Data/CTXProfiles/mtribenga/UPM_Profile/597.exe
- Size
  
  520KB
- MD5
  
  b32e9684b7b980d5e701f5d691e3db31
- SHA1
  
  90eba241c5ec0ac472b180840f423a887401337c
- SHA256
  
  f3f6b15265480c52e302f9f0b31ad6cc9051c16d16f1204bf78866e53c395896
- SHA512
  
  8479ba8ada4c3d8b151fcd8395782ab5782df33dc76fc2e5bdd711842ad81242fed15f47110ae586124ac2530a1e926861f9f57487c7daf58e856874e0d33fc2
- SSDEEP
  
  6144:DAVTFjFS3Q6fYnZy0EVHYNeSgTwl0lJgJ9vcl9CK:DEIQTZvs4NGT7goGK
Score

10^/10

gozi 3316 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi3316bankerisfbtrojan

behavioral2

gozi3316bankerisfbtrojan