Overview

overview

10

Static

static

3

ini.dll

windows7-x64

10

ini.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ini.dll

  • Size

    197KB

  • Sample

    230518-tr3spsbh4x

  • MD5

    0a1878191571315e6f53ff8b82d34233

  • SHA1

    35313b3ad8f1adf404cc89ef6c778a9dca2cd879

  • SHA256

    3b57e3be3e97f299c430572ac5caa4dabdbdf04fe232da2da02300743381d19d

  • SHA512

    c1fb158496085e08ea8d80902d783db249aa453acc935ca5904fea1477af462318b6e9b6f75650aee8beda2344746d03b11ff805be402dff9a271800d43dfc56

  • SSDEEP

    3072:xaHdKyKCUzG69KPElVBOMa9A4+t9mNo8bbAFE4cGC/P7aXnypI+oF3b8:IHMyAGYuEhsLMYO8PUE4clPQnyaF3b8

Score
10/10
gozi1000bankerldr4trojan

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://bastarka.top

Attributes
  • host_keep_time

    2

  • host_shift_time

    1

  • idle_time

    1

  • request_time

    10

aes.plain

Targets

    • Target

      ini.dll

    • Size

      197KB

    • MD5

      0a1878191571315e6f53ff8b82d34233

    • SHA1

      35313b3ad8f1adf404cc89ef6c778a9dca2cd879

    • SHA256

      3b57e3be3e97f299c430572ac5caa4dabdbdf04fe232da2da02300743381d19d

    • SHA512

      c1fb158496085e08ea8d80902d783db249aa453acc935ca5904fea1477af462318b6e9b6f75650aee8beda2344746d03b11ff805be402dff9a271800d43dfc56

    • SSDEEP

      3072:xaHdKyKCUzG69KPElVBOMa9A4+t9mNo8bbAFE4cGC/P7aXnypI+oF3b8:IHMyAGYuEhsLMYO8PUE4clPQnyaF3b8

    Score
    10/10
    gozi1000bankerldr4trojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks