gozi | d42f53c75818af4aae281a0c3f760e20643852405d69134d03f6ba5c62efe316 | Triage

Sharing

General

Target

646f5dc39a49d.dll
Size

124KB
Sample

230525-qfm2bsah3s
MD5

5228f29cf6d6f1d767a738f3a0920a45
SHA1

81e41245364ed58b01c7ce09842124dd35724d7f
SHA256

d42f53c75818af4aae281a0c3f760e20643852405d69134d03f6ba5c62efe316
SHA512

64d33bc3aa6f9fe9bc273d88013c8b89b7ba3f2e8c2ebb74cee60e935078b816454983f3f96b03872e5e6563ce0b1784818637e689e67450a7f621bee5077755
SSDEEP

1536:IzIQxhgI9srp+jbydmCMhEEqA0PZxVwah4LPKLEuvuJpLfF:AjxhgImp+jbamCMh9c3ByLyAJ1fF

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://fazz.bing.com/check

http://swebbers.com

Attributes

base_path
/jerry/
build
250257
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  646f5dc39a49d.dll
- Size
  
  124KB
- MD5
  
  5228f29cf6d6f1d767a738f3a0920a45
- SHA1
  
  81e41245364ed58b01c7ce09842124dd35724d7f
- SHA256
  
  d42f53c75818af4aae281a0c3f760e20643852405d69134d03f6ba5c62efe316
- SHA512
  
  64d33bc3aa6f9fe9bc273d88013c8b89b7ba3f2e8c2ebb74cee60e935078b816454983f3f96b03872e5e6563ce0b1784818637e689e67450a7f621bee5077755
- SSDEEP
  
  1536:IzIQxhgI9srp+jbydmCMhEEqA0PZxVwah4LPKLEuvuJpLfF:AjxhgImp+jbamCMh9c3ByLyAJ1fF
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan