gozi | 0269dd18c34c8f6da057da162c9ed5c9ab7d2bafd91cec1441d43d2429b8c08b | Triage

Sharing

General

Target

0269dd18c34c8f6da057da162c9ed5c9ab7d2bafd91cec1441d43d2429b8c08b
Size

77KB
Sample

230524-q3h1wsdb8y
MD5

b8bf3d7fe1c9aef81b7f590d76cbca43
SHA1

fa9104109424cdd7f28aaa77d92cdd8f9713e191
SHA256

0269dd18c34c8f6da057da162c9ed5c9ab7d2bafd91cec1441d43d2429b8c08b
SHA512

abe56780c8bdac71612e662e34d9747411ddaffb5787e58864045381bc3c00eb3fee9de5a0c6ab3f255dfb4751fa1a13c3ce9e0eaf3157439beb74fc02e39431
SSDEEP

1536:h6+YO9+zA3PG713sAOFU+okNIX7ioQ+kc:hQO9+zAe71JykkNIX7yc

Score

10^/10

gozi 1100 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1100

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0269dd18c34c8f6da057da162c9ed5c9ab7d2bafd91cec1441d43d2429b8c08b
- Size
  
  77KB
- MD5
  
  b8bf3d7fe1c9aef81b7f590d76cbca43
- SHA1
  
  fa9104109424cdd7f28aaa77d92cdd8f9713e191
- SHA256
  
  0269dd18c34c8f6da057da162c9ed5c9ab7d2bafd91cec1441d43d2429b8c08b
- SHA512
  
  abe56780c8bdac71612e662e34d9747411ddaffb5787e58864045381bc3c00eb3fee9de5a0c6ab3f255dfb4751fa1a13c3ce9e0eaf3157439beb74fc02e39431
- SSDEEP
  
  1536:h6+YO9+zA3PG713sAOFU+okNIX7ioQ+kc:hQO9+zAe71JykkNIX7yc
Score

10^/10

gozi 1100 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1100bankerisfbtrojan

behavioral2

gozi1100bankerisfbtrojan