gozi | 310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed | Triage

Sharing

General

Target

310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed
Size

372KB
Sample

230322-kzvbvshh21
MD5

7e98e8fbf2fec9c9d36896a08a26a97f
SHA1

d3c22e099df48f78765bba4b64e3f006a9e0bcdd
SHA256

310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed
SHA512

6d56845449783147539c38f6418bd2387c92c4bb0fba9040c8130db8c6097cf77557a924337541798dd3b3c1ff5aab00864479867cddcd2512e83bdac963decd
SSDEEP

6144:NbP57UDV0iDt00LKwwmFxDa9oNiEZ/LbseQB7G9wRENL:NbsV5t0gkgDa9oNiEZ/LbFQmrL

Score

10^/10

gozi 8877 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

ocsp.digicert.com

aus5.mozilla.org

palominoloopus.website

dresdengrauwes.website

Attributes

base_path
/hleedol/
build
250187
dga_season
10
exe_type
loader
extension
.lua
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed
- Size
  
  372KB
- MD5
  
  7e98e8fbf2fec9c9d36896a08a26a97f
- SHA1
  
  d3c22e099df48f78765bba4b64e3f006a9e0bcdd
- SHA256
  
  310ac7c48b536f71a16706f67fd4d2bed5d9f5708dd460cf3cbc0cd34f43a3ed
- SHA512
  
  6d56845449783147539c38f6418bd2387c92c4bb0fba9040c8130db8c6097cf77557a924337541798dd3b3c1ff5aab00864479867cddcd2512e83bdac963decd
- SSDEEP
  
  6144:NbP57UDV0iDt00LKwwmFxDa9oNiEZ/LbseQB7G9wRENL:NbsV5t0gkgDa9oNiEZ/LbFQmrL
Score

10^/10

gozi 8877 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi8877bankerisfbtrojan

behavioral2

gozi8877bankerisfbtrojan