gozi | d626dbd4711a19522a5695a113975dbed2ddaab79e402b548e004fd4706fb8c7 | Triage

Submit
Reports

Overview

overview

Static

static

1

a(1).msi

windows7-x64

a(1).msi

windows10-2004-x64

Sharing

General

Target

a(1)2.zip
Size

1.1MB
Sample

230517-tjsb1aff77
MD5

0d0b2130b9aec308b0400589037fa53f
SHA1

5f15ea7ba22fe60fc22c706fe1b4ee88f2ea89cc
SHA256

d626dbd4711a19522a5695a113975dbed2ddaab79e402b548e004fd4706fb8c7
SHA512

cac77e906e28ed2d99ceab945c55f9d16837f0125a112dc0d9f1ef92a55b29b32a1d41153eb7a0086ce9cef2675a52ef37dd158c9422b7cdb80951707679b0b0
SSDEEP

24576:FdLPnpJGrok203ADi/cKH3UT0GGaH5pehUeZZWcm:bMoVyADikeUQUpehjZdm

Score

10^/10

gozi 1000 banker ldr4 trojan

Static task

static1

Behavioral task

behavioral1

Sample

a(1).msi

Resource

win7-20230220-en

gozi 1000 banker ldr4 trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a(1).msi

Resource

win10v2004-20230220-en

gozi 1000 banker ldr4 trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://bastarka.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  a(1).msi
- Size
  
  1.9MB
- MD5
  
  40063b0d2cc2ad8d2a4f417437f00bd6
- SHA1
  
  cd9422f560eb663c44aae11ee04caf44d33f48ea
- SHA256
  
  9540647deb1906e0cd500b77f0632ffdac6d76f079ab32835cf5efa225e4e0ea
- SHA512
  
  138278449a7f0473131abc9b7d6880abe58bcc8ceef90282fa38397092e07914e282a31a47a00b6695548bf8ce4786dd60500225185129f281c1dbc9f9a09d6d
- SSDEEP
  
  49152:+pyP2OmJH6g7sJzM+C5JCNS5WPvwaq8G5tBKXUWcUAaypBG:BjJzMUp3GXgEWcpHG
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan

© 2018-2024

Terms | Privacy