gozi | 2e93682935ab93fcb97ede1f8aba8076adf5e440a40a407a96f97c1b3af5188f | Triage

Sharing

General

Target

Contratto.url
Size

189B
Sample

230324-msl31sdg42
MD5

084628be20c0cc112964dc4efe6dbc93
SHA1

5535112912b97b970ba4b3b7d51896658beadb46
SHA256

2e93682935ab93fcb97ede1f8aba8076adf5e440a40a407a96f97c1b3af5188f
SHA512

8f2864a3c09fd7db9b390ef50e90bdd540455dec909ed8ed7afb681517b11c9dfbb5ab205b975103b9d3c0e6d44eca1a30c7af905593b5d72d6541b8b2bf6c8a

Score

10^/10

gozi 7716 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes

base_path
/drew/
build
250255
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Contratto.url
- Size
  
  189B
- MD5
  
  084628be20c0cc112964dc4efe6dbc93
- SHA1
  
  5535112912b97b970ba4b3b7d51896658beadb46
- SHA256
  
  2e93682935ab93fcb97ede1f8aba8076adf5e440a40a407a96f97c1b3af5188f
- SHA512
  
  8f2864a3c09fd7db9b390ef50e90bdd540455dec909ed8ed7afb681517b11c9dfbb5ab205b975103b9d3c0e6d44eca1a30c7af905593b5d72d6541b8b2bf6c8a
Score

10^/10

gozi 7716 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi7716bankerisfbtrojan