gozi | 06b5bb72ecfdbc83b1ab3c7893fc78a5efcc1070d36291cea930d73787bcf8fd | Triage

Sharing

General

Target

06b5bb72ecfdbc83b1ab3c7893fc78a5efcc1070d36291cea930d73787bcf8fd
Size

147KB
Sample

230524-q3485acg44
MD5

1da33c0e85fe3561e14dfeb253591a3f
SHA1

057395c28b50881bbf1538db08a5d1a92d98199b
SHA256

06b5bb72ecfdbc83b1ab3c7893fc78a5efcc1070d36291cea930d73787bcf8fd
SHA512

2eb12a149c8dfa2ae25e23beeb484d8d0162a4cd78c47018456ac560e8e46b185422597b610efebef166402ec6d232f6894278844da0169e4ad751eb1bc43f4f
SSDEEP

1536:d+1NvwbTdTzagWHbKTkTmS051bmYotyFxX2g8P5ioQ+sj9:oN4bTdqRHpT61SYoCl8P5+j9

Score

10^/10

gozi 1100 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1100

C2

golang.feel500.at/api1

api10.laptok.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  06b5bb72ecfdbc83b1ab3c7893fc78a5efcc1070d36291cea930d73787bcf8fd
- Size
  
  147KB
- MD5
  
  1da33c0e85fe3561e14dfeb253591a3f
- SHA1
  
  057395c28b50881bbf1538db08a5d1a92d98199b
- SHA256
  
  06b5bb72ecfdbc83b1ab3c7893fc78a5efcc1070d36291cea930d73787bcf8fd
- SHA512
  
  2eb12a149c8dfa2ae25e23beeb484d8d0162a4cd78c47018456ac560e8e46b185422597b610efebef166402ec6d232f6894278844da0169e4ad751eb1bc43f4f
- SSDEEP
  
  1536:d+1NvwbTdTzagWHbKTkTmS051bmYotyFxX2g8P5ioQ+sj9:oN4bTdqRHpT61SYoCl8P5+j9
Score

10^/10

gozi 1100 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1100bankerisfbtrojan

behavioral2

gozi1100bankerisfbtrojan