gozi | c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa | Triage

Submit
Reports

Overview

overview

Static

static

1

a.msi

windows7-x64

a.msi

windows10-2004-x64

Sharing

General

Target

a.msi
Size

1.8MB
Sample

230518-rtj29scd96
MD5

7fc18c44f481a5941e2d068a2cdebe0e
SHA1

11b7d2d7451c80621f657662eb738966e2026098
SHA256

c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa
SHA512

798a262fc73b74ddf19a5d6510aa692c3c083d212e473c3b41148e2261064fafd2e74cb92001bf55e92c15141bda85ead5d79e9f93ddd16738dd073bc3eb37d7
SSDEEP

49152:vpyP2OmJH6g7sJzM+C5JCNS5WPvwaq7m6x:6jJzMUpc

Score

10^/10

gozi 1000 banker ldr4 trojan

Static task

static1

Behavioral task

behavioral1

Sample

a.msi

Resource

win7-20230220-en

gozi 1000 banker ldr4 trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a.msi

Resource

win10v2004-20230220-en

gozi 1000 banker ldr4 trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://bastarka.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  a.msi
- Size
  
  1.8MB
- MD5
  
  7fc18c44f481a5941e2d068a2cdebe0e
- SHA1
  
  11b7d2d7451c80621f657662eb738966e2026098
- SHA256
  
  c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa
- SHA512
  
  798a262fc73b74ddf19a5d6510aa692c3c083d212e473c3b41148e2261064fafd2e74cb92001bf55e92c15141bda85ead5d79e9f93ddd16738dd073bc3eb37d7
- SSDEEP
  
  49152:vpyP2OmJH6g7sJzM+C5JCNS5WPvwaq7m6x:6jJzMUpc
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan

© 2018-2024

Terms | Privacy