General

  • Target

    Agenzia736.zip

  • Size

    476B

  • Sample

    230324-j55jcafc2s

  • MD5

    b25fa0c7c28bb4eabcfc4710cbceb3fd

  • SHA1

    b3284da7215ab5048bdff9286a7d37f6545cb20b

  • SHA256

    9d6b413748da3fbfbf2b3b4f980673770f474c1ab1865c00272424455f47a362

  • SHA512

    428e9b7019df1237593789c31af516ab5116c49fe1149e9e9fedcc84b1fb59d968dad504f677c0ca523c98bb057b78e9fd80026f1ea94ffaeb8c57370b3c570e

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      Agenzia/Agenzia.url

    • Size

      189B

    • MD5

      0c3f7c2aa0311bf8c761b9b4e8b33d45

    • SHA1

      4eaa085327b0cd857d43aacffdbc7963a67523d2

    • SHA256

      025f536aab4e91765785e1d0897b55674f217b871e2afe0dba10ad1c5a9f1417

    • SHA512

      710eeb07fbab0b978064220d3ed36bd7de04987f7e3f9a75a1920dd793847606a205d9205b4745edb59e65e3433ef84e7e98c8213017d24e2379533ffd0962b2

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks