gozi | 83ece9c5d6ffe0e99276becec96bc1c181a731ebd2fb95eaef329d2fbbec7271 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f9f62850609b83da61dab3c35786e73fffb577b
Size

360KB
Sample

230322-nrnqwsge58
MD5

efbf74507e9d74f3e972192b91e56b86
SHA1

3f9f62850609b83da61dab3c35786e73fffb577b
SHA256

83ece9c5d6ffe0e99276becec96bc1c181a731ebd2fb95eaef329d2fbbec7271
SHA512

6d30fb7aec379ed2d70c74c624252245602a4cd756e2aaaa4609444fdb98a2ce239af9d3b2f6d5fb81272278467a449bb2a3a5e9e6d3986327a484f3f283ebca
SSDEEP

3072:9iPDl3kk8R4hjb9rDSi26AhZL9xFSjMfur0VZclldBYkKKu23hzA2gAgwn0JV:cZq2r+ic5xFSj3mMBCKTA2j

Score

10^/10

gozi 7715 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3f9f62850609b83da61dab3c35786e73fffb577b
- Size
  
  360KB
- MD5
  
  efbf74507e9d74f3e972192b91e56b86
- SHA1
  
  3f9f62850609b83da61dab3c35786e73fffb577b
- SHA256
  
  83ece9c5d6ffe0e99276becec96bc1c181a731ebd2fb95eaef329d2fbbec7271
- SHA512
  
  6d30fb7aec379ed2d70c74c624252245602a4cd756e2aaaa4609444fdb98a2ce239af9d3b2f6d5fb81272278467a449bb2a3a5e9e6d3986327a484f3f283ebca
- SSDEEP
  
  3072:9iPDl3kk8R4hjb9rDSi26AhZL9xFSjMfur0VZclldBYkKKu23hzA2gAgwn0JV:cZq2r+ic5xFSj3mMBCKTA2j
Score

10^/10

gozi 7715 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi7715bankerisfbtrojan

behavioral2

gozi7715bankerisfbtrojan