Overview

overview

10

Static

static

3

nope.dll

windows7-x64

10

nope.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nope.dll

  • Size

    561KB

  • Sample

    230524-p3gmdsce48

  • MD5

    75e89365c4cb3b03e2aa4ca4e196274a

  • SHA1

    5b561d25518c7b027ae8b2afa2ff29791130071c

  • SHA256

    29af49de0b319c38f3d83f5c4eaca274b84e5a9084e3b486317bc48cfec2bd7c

  • SHA512

    2842b2b715c55a6c937b5795d094c26db86a43e1c4c458938c3dcc141e7110dd4d601e45c68ec0edbb8c259562458b3f9112c3eb5ecc94073986e662850d19e4

  • SSDEEP

    12288:frLPENPga63FHCkgGwWPSHlRzP8waiWgCCiYmGEnxVT:frLs1V63FpgGwWKfYwairCCitvxp

Score
10/10
gozi20000bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

trackingg-protectioon.cdn4.mozilla.net

http://79.132.129.207

http://94.247.42.106

http://94.247.42.79

http://185.212.44.76

http://45.155.249.200

http://45.155.250.216
Attributes
  • base_path

    /zerotohero/

  • build

    250257

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      nope.dll

    • Size

      561KB

    • MD5

      75e89365c4cb3b03e2aa4ca4e196274a

    • SHA1

      5b561d25518c7b027ae8b2afa2ff29791130071c

    • SHA256

      29af49de0b319c38f3d83f5c4eaca274b84e5a9084e3b486317bc48cfec2bd7c

    • SHA512

      2842b2b715c55a6c937b5795d094c26db86a43e1c4c458938c3dcc141e7110dd4d601e45c68ec0edbb8c259562458b3f9112c3eb5ecc94073986e662850d19e4

    • SSDEEP

      12288:frLPENPga63FHCkgGwWPSHlRzP8waiWgCCiYmGEnxVT:frLs1V63FpgGwWKfYwairCCitvxp

    Score
    10/10
    gozi20000bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks