gozi | 91f43080ba2e8417a8a04773cacba0b0ef82a9cf6d09399bc2cb53a16161295e | Triage

Submit
Reports

Overview

overview

Static

static

1

a(2).msi

windows7-x64

a(2).msi

windows10-2004-x64

Sharing

General

Target

a(2)2.zip
Size

996KB
Sample

230518-sq511acg57
MD5

9de856b9a043f5ce3a0c54be2b8eaf81
SHA1

a541f8daab5671269c8372430a0ea673b9cf1477
SHA256

91f43080ba2e8417a8a04773cacba0b0ef82a9cf6d09399bc2cb53a16161295e
SHA512

4c889e11e0da68d3f05ecc6d51b4d199dacc84c7f8113307770213b340504ea7f7b7ff75a01f742a7c0976193b17a28714558ffb3db95dac06d88168a946429d
SSDEEP

24576:LkoGb+eHTEF6HrVqBOWdb8y2tbF1GfPzCZfyukw/y:h54frVOBdvBzSfhV/y

Score

10^/10

gozi 1000 banker ldr4 trojan

Static task

static1

Behavioral task

behavioral1

Sample

a(2).msi

Resource

win7-20230220-en

gozi 1000 banker ldr4 trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a(2).msi

Resource

win10v2004-20230220-en

gozi 1000 banker ldr4 trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://bastarka.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  a(2).msi
- Size
  
  1.8MB
- MD5
  
  7fc18c44f481a5941e2d068a2cdebe0e
- SHA1
  
  11b7d2d7451c80621f657662eb738966e2026098
- SHA256
  
  c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa
- SHA512
  
  798a262fc73b74ddf19a5d6510aa692c3c083d212e473c3b41148e2261064fafd2e74cb92001bf55e92c15141bda85ead5d79e9f93ddd16738dd073bc3eb37d7
- SSDEEP
  
  49152:vpyP2OmJH6g7sJzM+C5JCNS5WPvwaq7m6x:6jJzMUpc
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan

© 2018-2024

Terms | Privacy