gozi | c1564e8a73107c41618e8f36568924dfe286f6b1a82bd4b97ad18097a9693505 | Triage

Sharing

General

Target

lame.zip
Size

89KB
Sample

230413-q17apsdb21
MD5

510f82170f97b6eb1603c6f0790fc75e
SHA1

42ebc264ae18d7f85d5a517b58a51bc8a87f37da
SHA256

c1564e8a73107c41618e8f36568924dfe286f6b1a82bd4b97ad18097a9693505
SHA512

7c47d5551e98d0eefd0b6597cfde03028925d923b71d4737698f284e303b33b778dd5fc4885a549580c398c3e8d8e29b28231633451db31589444ac995798586
SSDEEP

1536:7Mpt/KPV6Wd2qrduX0esp4EBKku6QuGaXdiLAXV2ma0sFMPiQq2X9oOf:7MpFKUWd2qrd0pE4ku6QuGsiWV2t0sFQ

Score

10^/10

gozi 1000 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

C2

https://vertalis.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  lame.dll
- Size
  
  187KB
- MD5
  
  600764b14a6e39961594ed8e67c3eeb6
- SHA1
  
  5b5cc61391968958236d54eb0fe7229386b58c64
- SHA256
  
  dbbd275a4b1da0b93a1ef2c5e7c75f5f020979dcc502fd1bc28b3b40cf1d255a
- SHA512
  
  a7636a755d816f386ec650648f96ab4c55ddd05bd607ca59868e66af079e0e9b829947d407e17bd68c1208d6ae7f985f602388270289cab9ba26d253f2f38c18
- SSDEEP
  
  3072:Q4+YN4lPeFpVa5f8gy5q86UIQz+GypacRLu1O+TvTIGapG4S+1prXFnK:cCQ7y5qzzJpVRLu1fcjDV9K
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan