gozi | 325f7b8b082c01f0b950f001c0bef4d0fc3bb5cef1a8a74bc9dc60be3bdc32e7 | Triage

Sharing

General

Target

6424024a060bf.tiff.dll
Size

613KB
Sample

230329-k96smsff67
MD5

ae85c25efdd62bed6e2c3ed12a22a217
SHA1

07ce0da778545abed3755151950c068299decfa7
SHA256

325f7b8b082c01f0b950f001c0bef4d0fc3bb5cef1a8a74bc9dc60be3bdc32e7
SHA512

609c667c364285856e265a1cab629b482f9dd0ad91c1a0cfd39e29dbda2158228f21fbc7c33bc9fcd10268b75fd858aed31b6d9ecbcee48ba19f240c56644920
SSDEEP

12288:T0UQoMETWK5TpM7vBzCpgbiH4tDjwRQm3WG5Tms:ZQoMETWK5Te79CpgbiH4xjwRBW5s

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.186

Attributes

base_path
/jerry/
build
250255
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  6424024a060bf.tiff.dll
- Size
  
  613KB
- MD5
  
  ae85c25efdd62bed6e2c3ed12a22a217
- SHA1
  
  07ce0da778545abed3755151950c068299decfa7
- SHA256
  
  325f7b8b082c01f0b950f001c0bef4d0fc3bb5cef1a8a74bc9dc60be3bdc32e7
- SHA512
  
  609c667c364285856e265a1cab629b482f9dd0ad91c1a0cfd39e29dbda2158228f21fbc7c33bc9fcd10268b75fd858aed31b6d9ecbcee48ba19f240c56644920
- SSDEEP
  
  12288:T0UQoMETWK5TpM7vBzCpgbiH4tDjwRQm3WG5Tms:ZQoMETWK5Te79CpgbiH4xjwRBW5s
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan