gozi | 9d784a60e974f1f753016bf6dbd24abd655fba9568e99fbb797d49418de34dad | Triage

Sharing

General

Target

9d784a60e974f1f753016bf6dbd24abd655fba9568e99fbb797d49418de34dad.dll
Size

791KB
Sample

230518-tvv72ada26
MD5

3943a85ba5405de2be7de7371fe5f555
SHA1

27f1352aa9d9162316b21449ffe8bcb461633196
SHA256

9d784a60e974f1f753016bf6dbd24abd655fba9568e99fbb797d49418de34dad
SHA512

7241d058e0c3e8dbc3fe2bdb8bd48b553acb0f008d2d2275a6ce761b396d87a0da473731c754dd566cba50759e95bbd4fa87018a9fabc59af858da0918b9a792
SSDEEP

6144:ag9kCFll0nqSJAFjq+WRUprSlKcLlR4u028aTBfTL/EF/SgzGdADOPminws1ewz7:aYkiBqYVaTx/Gtfqzwsz3rpfgkltFl

Score

10^/10

gozi 1000 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://bastarka.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  9d784a60e974f1f753016bf6dbd24abd655fba9568e99fbb797d49418de34dad.dll
- Size
  
  791KB
- MD5
  
  3943a85ba5405de2be7de7371fe5f555
- SHA1
  
  27f1352aa9d9162316b21449ffe8bcb461633196
- SHA256
  
  9d784a60e974f1f753016bf6dbd24abd655fba9568e99fbb797d49418de34dad
- SHA512
  
  7241d058e0c3e8dbc3fe2bdb8bd48b553acb0f008d2d2275a6ce761b396d87a0da473731c754dd566cba50759e95bbd4fa87018a9fabc59af858da0918b9a792
- SSDEEP
  
  6144:ag9kCFll0nqSJAFjq+WRUprSlKcLlR4u028aTBfTL/EF/SgzGdADOPminws1ewz7:aYkiBqYVaTx/Gtfqzwsz3rpfgkltFl
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan