gozi | bc2d94e41e50847f7503463e3e6a57497412d9f7a91a227f8906675ddfe0ef23 | Triage

Submit
Reports

Overview

overview

Static

static

1

c9b591e9a5...aa.msi

windows7-x64

c9b591e9a5...aa.msi

windows10-2004-x64

Sharing

General

Target

7fc18c44f481a5941e2d068a2cdebe0e.bin
Size

998KB
Sample

230520-btawlacc3w
MD5

130220c4b805f39d71b89215b0ceb49d
SHA1

8ba57a4a520bb9c2d7a98a14048bfcb1f795b447
SHA256

bc2d94e41e50847f7503463e3e6a57497412d9f7a91a227f8906675ddfe0ef23
SHA512

a2a2d0c955414ef6c520a6134a15129764ed01d273fc6c5090624de6fb7dbcffc4d8bffb29af2640688e579b092c5e53e0dbcd60e1890ee2df8945cf60b96212
SSDEEP

24576:RfR9vfY1yOkz7S6+23BRWWfcpyWYVtixC8wsmeGB:RfRVIi7ZRWWfcFYVow8wjdB

Score

10^/10

gozi 1000 banker ldr4 trojan

Static task

static1

Behavioral task

behavioral1

Sample

c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa.msi

Resource

win7-20230220-en

gozi 1000 banker ldr4 trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa.msi

Resource

win10v2004-20230220-en

gozi 1000 banker ldr4 trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://bastarka.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa.msi
- Size
  
  1.8MB
- MD5
  
  7fc18c44f481a5941e2d068a2cdebe0e
- SHA1
  
  11b7d2d7451c80621f657662eb738966e2026098
- SHA256
  
  c9b591e9a5ccf5416b94aa3b4fac9bece16fb836d1ae4161dcdae295259e01aa
- SHA512
  
  798a262fc73b74ddf19a5d6510aa692c3c083d212e473c3b41148e2261064fafd2e74cb92001bf55e92c15141bda85ead5d79e9f93ddd16738dd073bc3eb37d7
- SSDEEP
  
  49152:vpyP2OmJH6g7sJzM+C5JCNS5WPvwaq7m6x:6jJzMUpc
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan

© 2018-2024

Terms | Privacy