gozi | 8291f9579288153e0a1812c6c528563634c5c41b0916c606f7d8b4544ccc381a | Triage

Sharing

General

Target

ginumtue.fpi
Size

220KB
Sample

230425-p5386sad86
MD5

9627a223cebc074cefb834370cba058a
SHA1

73c470ad9203150629b13d7f077000aa4f335f26
SHA256

8291f9579288153e0a1812c6c528563634c5c41b0916c606f7d8b4544ccc381a
SHA512

283b341fa4bc999dd32586f8914adad9c51ee9533a35fb2c30c165c11f9e4d843062252651bf103183c11cb8ba66d1118df31558f7c59b881f85a2507148ff5a
SSDEEP

1536:iYrO9JaI9HwxtB3wjCaNhQ8yl6sUdM8FOIUa:2HJ9HQv3wFNh6U6pIUa

Score

10^/10

gozi 777777 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

777777

C2

trackingg-protectioon.cdn4.mozilla.net

176.10.111.233

91.241.93.192

45.155.249.200

45.155.250.216

Attributes

base_path
/fonts/
build
250257
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  ginumtue.fpi
- Size
  
  220KB
- MD5
  
  9627a223cebc074cefb834370cba058a
- SHA1
  
  73c470ad9203150629b13d7f077000aa4f335f26
- SHA256
  
  8291f9579288153e0a1812c6c528563634c5c41b0916c606f7d8b4544ccc381a
- SHA512
  
  283b341fa4bc999dd32586f8914adad9c51ee9533a35fb2c30c165c11f9e4d843062252651bf103183c11cb8ba66d1118df31558f7c59b881f85a2507148ff5a
- SSDEEP
  
  1536:iYrO9JaI9HwxtB3wjCaNhQ8yl6sUdM8FOIUa:2HJ9HQv3wFNh6U6pIUa
Score

10^/10

gozi 777777 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi777777bankerisfbtrojan

behavioral2

gozi777777bankerisfbtrojan